The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US navy information has been compromised.
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Editor’s note: This story originally appeared on Defence Connect's sister brand, Cyber Daily.
As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the Hunters International Ransomware group, a gang that only recently appeared earlier this year.
The threat actor is yet to post any data belonging to the shipbuilder, but has warned that it will post 43 sample files very soon, adding up to 87.2MB of data.
According to Hunter International’s leak site, the data stolen includes private data, personally identifiable information and government data, however no more detail has been provided beyond that.
Additionally, the threat group has indicated that it has not encrypted any of Austal USA’s data.
Austal USA is currently undertaking a number highly sensitive projects as part of contracts for the US Navy including a program for building Virginia class nuclear-powered submarines and another for Littoral combat ships, all at its Alabama mobile shipyards.
It also has navy contracts relating to US Coast Guard cutters and surveillance craft.
The theft of some of Austal USA’s data could have dire affects for not only the organisation, but for the US Navy and the national security of the US itself.
The attack is not the first that Austal has suffered, after the Australian parent company of the Perth based ship builder suffered a ransomware attack back in 2018.
At this stage, Austal USA has not released a statement regarding the attack. Cyber Daily has reached out to the shipbuilder requesting comment on the incident.
The attack came as a result of stolen credentials that were sold on the dark web, however the company said that no confidential information was lost and that it would not engage with the threat group, a stance that many organisations take today.
The recent Austal USA attack rounds out a troubling year for Austal, with three of its executives having been charged by the SEC back in March for conducting a scheme to show lower cost estimates to meet the company’s budget and revenue projections.
"We allege that Austal USA’s executives manipulated its financial results, causing harm to U.S. investors in the securities of its parent company, Austal Limited," said Regional Director of the SEC’s Denver Regional Office, Jason Burt.
"As the complaint articulates, if the defendants had not fraudulently manipulated the cost estimates, Austal Limited would have missed, by wide margins, analyst consensus estimates for EBIT."
The Hunters International hacking group is believed to have been born from the ashes of the formerly notorious Hive ransomware group, which was disbanded by the FBI in collaboration with European law enforcement agencies in January this year.
Hive was highly successful, having stolen over US$100 million in ransomware payments and a list of over 1,500 victims.
#Hive is back!
— rivitna (@rivitna2) October 20, 2023
Now they are #Hunters International!https://t.co/JmJva3JEeo pic.twitter.com/VuE4nruH6v
It is common for hacking groups to regroup and rebrand following being taken down or disbanding. The belief that Hunters International is the new Hive ransomware group came after a number of code similarities were found.
"It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International," said Bitdefender’s technical solutions director, Martin Zugec.
However, Hunters International has said that it is a different group, and that it simply bought Hive’s source code.
"The group appears to place a greater emphasis on data exfiltration," added Zugec.
"Notably, all reported victims had data exfiltrated, but not all of them had their data encrypted," making Hunters International more of a data extortion outfit.