Hackers Steal And Ransom Financial Data Related To Some Of The World’s Largest Companies
Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also threatened to release data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material.
Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday.
“Citycomp has been hacked and blackmailed and the attack is ongoing,” Bartsch wrote. “We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”
Do you know anything else about this breach? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com
In a website apparently created to threaten the distribution of Citycomp client data, the hackers claim they are in possession of “312,570 files in 51,025 folders, over 516GBb data financial and private information on all clients.” Some of the clients include Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen, according to a list of the victims on the website.
It appears the data may relate to German offices of those companies. Several entities in the victim list have the “GmbH” title; the German term for a limited liability company. Two supermarkets popular in Germany, REWE and Kaufland, are also included.
“We have informed and warned all concerned clients,” Bartsch said.
“There was full transparency about the attack and theft as well as public release of the data with our clients from the very beginning. The support is unanimous,” he added.
Before Bartsch’s confirmation, Motherboard contacted multiple Citycomp clients on Monday, including British Telecom, Oracle, Airbus, Porsche, and Ericsson. None responded to a request for comment.
“We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”
The data itself is not available to download from the website at the time of writing; when clicking a link through to a particular file, the site presents a “403 Forbidden” error message. It is possible to see a list of files for each victim, however. Judging by the filenames, many files appear to be finance-related spreadsheets, but Motherboard has not seen a copy of any of the stolen data firsthand. Some victims only have one, two or three files listed, while others have hundreds.
The post adds that the files will be released on April 31st, 2019 (there are only 30 days in April).
Increasingly, hackers have threatened to release or simply dump data belonging to a victim in order to pressure them into paying a ransom. Bartsch said the company has not given in to such a demand, though.
“We did not yield to the extortion demands and our analysts are conducting a profound technical and forensic analysis on the attack,” he wrote.
On the data website, the hackers included an email address to contact them. The hackers did not immediately respond to a request for comment.
Subscribe to our new cybersecurity podcast, CYBER.
READ MORE HERE