Hacker's Apparent Activities
The Los Angeles-based security company Resecurity® has been communicating with the person who claims to have compromised and tried to sell Panasonic India’s data. Resecurity®’s Hunter Unit specializes in striking up conversations with attackers via instant messaging and dark web forums, gaining intelligence on their methods and motives.
The apparent attacker speaks Russian and is highly technical, says Gene Yoo, Resecurity®’s CEO. Typically, after the attacker compromises a company, he tries to extort it, Yoo says, and the larger the company, the higher the ransom. If direct extortion fails, the attacker sells the access to other criminals, who mount a ransomware attack, Yoo says.
Yoo says this attacker claimed responsibility for breaching Foxconn and its subsidiaries, which Bleeping Computer reports were hit by a ransomware attack around Nov. 29. The attackers were demanding about $34 million, payable in bitcoin.
After gaining access to Foxconn, the attacker then sold that access to other actors, who installed file-encrypting ransomware, Yoo says. Prices the hacker charges for access to an organization’s network range from $1,000 to $10,000, depending on how permissive the access is, he adds.
“Unfortunately, we see more and more actors establishing close operations with ransomware groups by becoming their affiliates,” Yoo says.
Panasonic India said it would not answer further questions about the ransom attempt. It’s unclear how the attacker breached Panasonic India’s systems, but the attacker claimed he had administrator access to two of the company’s internal domains. That likely means access to Active Directory. Active Directory is Microsoft’s software that brokers access to user accounts and applications. It is highly valuable to attackers because it can allow access to other systems connected to it...