Infosec Round-Up: April 16th

Nuclear Cyber Attack, Capcom Hack & Ransomware Food Shortage

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Capcom Hack Update

Japanese game developer Capcom has released an update regarding a ransomware attack that occurred back in November 2020, detailing the theft of personal information belonging to thousands of individuals.

Struck by the Ragnar Locker strain of ransomware late last year, the company had at the time stated there was “no indication that any customer information was breached”, a statement which has been revised, with it now understood that data belonging to 15,649 individuals’ was breached.

Having stolen around 1TB of sensitive data and demanded $11 million in ransom, the attackers reportedly gained access to Capcom networks by targeting an old VPN backup device located in North America, then pivoting the attack to offices in Japan.

Having decided to not engage, or indeed pay the attackers, Capcom data was as a result leaked online a few weeks after the attack, though now has systems ‘near to completely restored’.

In the latest statement, the company noted, “With the newly established Information Technology Security Oversight Committee, the company will work toward continuously strengthening both security and the protection of personal information going forward.”

Ransomware Cheese Shortage

Following a ransomware attack against a Netherlands food logistics company, the country briefly suffered from a shortage of pre-packaged cheese.

Transport company Bakker Logistiek confirmed the attack late last week, noting that the disruption to automated systems would not cause a complete stoppage of services but a reduction.

Thought to have come as a result of a Microsoft Exchange server vulnerability, the company is the latest victim involving the group of Microsoft security bugs that were disclosed in March.

Referred to by Dutch supermarket chain Albert Heijn as a “technical malfunction”, deliveries to over 1,000 locations around the country were disrupted for around 3 days, though services are now operational.

Declining to say whether any ransom was paid, director of the logistics company, Toon Verhoeven told a Netherlands publication, “We've filed a report and it's now up to the Justice Department, we're not making any further statements about that. We have worked hard over the last six days to get our information systems back up and running.”

Cyber Attack on Nuclear Facility

The state of Iran has announced that the newest of the country’s nuclear facilities has been taken offline on its second day, following what many are reporting to be a cyber-attack.

Reminiscent of the 2010 ‘Stuxnet’ incident, in which centrifuges used in the process of nuclear enrichment were destroyed by a highly sophisticated computer worm, Iranian officials have referred to this latest incident as an act of “nuclear terrorism.”

Reportedly damaging thousands of machines and eliminating Iran’s capacity for uranium enrichment, some outlets have also reported explosions at the facility, though officials have provided little in the way of details regarding the incident.

With Iran’s nuclear capabilities obviously a great source of tension within the region, given some previous incidents, many suspect Israel’s involvement with the attack.

Speaking on Sunday, Israeli Prime Minister Benjamin Netanyahu did note, “the struggle against Iran and its proxies and the Iranian armament efforts is a huge mission”. Adding, “The situation that exists today will not necessarily be the situation that will exist tomorrow.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.