The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and previous customers.
“As a result of the ongoing forensic investigation, we now know that hackers were able to access data from one of our systems,” Co-op told BleepingComputer.
“Accessed data included information related to a significant number of our current and previous members.”
“This data includes Co-op Group members’ personal data such as names and contact details, and it does not include members’ passwords, bank or credit card details, or information related to any member or customer products or services.”
On Wednesday, the UK retail giant Co-op disclosed the cyberattack, stating that it had shut down parts of its IT systems after detecting an intrusion attempt on its network.
However, soon after the news broke, BleepingComputer learned that the company had suffered a breach carried out using Scattered Spider/Octo Tempest tactics, but that its response prevented the threat actors from causing significant damage to the network.
Sources told BleepingComputer that the attack is believed to have taken place on April 22, with the threat actors using tactics similar to those used in the attack on Marks & Spencer. The threat actors allegedly carried out a social engineering attack that allowed them to reset an employee’s password, which was then used to breach the network.
Once they had access to the network, they stole the Windows NTDS.dit file, the Active Directory Domain Services database that contains the password hashes for all Windows domain accounts.
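Stealing NTDS.dit from a live domain controller leaves a distinctive trail in process-creation telemetry, because the file is locked while AD runs and has to be copied out of a Volume Shadow Copy or exported with ntdsutil or esentutl, and because the hashes inside it can only be decrypted with the boot key from the SYSTEM registry hive. The detection logic below is an added example written for this article, not code from BleepingComputer, Co-op, or any of the investigators; it assumes Windows Security event 4688 records with command-line auditing enabled, already parsed into host, user and command-line fields (the sample events are constructed for the example, not telemetry from this incident), and rates a host "critical" when both the database and the SYSTEM hive have been taken.

```python
import re
from typing import Iterable

# Constructed sample of Windows Security 4688 (process creation) events,
# reduced to the fields a SIEM would normally extract. Made up for this
# example; not telemetry from the Co-op incident.
SAMPLE_EVENTS = [
    {"host": "DC01", "user": "CORP\\svc_backup",
     "cmdline": 'ntdsutil.exe "ac i ntds" "ifm" "create full C:\\Temp\\ifm" q q'},
    {"host": "DC01", "user": "CORP\\jdoe",
     "cmdline": "vssadmin.exe create shadow /for=C:"},
    {"host": "DC01", "user": "CORP\\jdoe",
     "cmdline": r"cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit C:\Temp\n.dit"},
    {"host": "DC01", "user": "CORP\\jdoe",
     "cmdline": r"reg.exe save HKLM\SYSTEM C:\Temp\sys.hiv"},
    {"host": "WS042", "user": "CORP\\alice",
     "cmdline": r"C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt"},
    {"host": "DC01", "user": "CORP\\svc_backup",
     "cmdline": r"esentutl.exe /y C:\Windows\NTDS\ntds.dit /d C:\Temp\ntds.dit"},
]

# Each rule is a (name, regex) pair matched against the full command line.
RULES = [
    # ntdsutil "Install From Media" writes a consistent copy of ntds.dit to disk.
    ("ntdsutil_ifm", re.compile(r"ntdsutil(\.exe)?\b.*\bifm\b", re.I)),
    # Shadow copy creation lets an attacker copy the locked database file.
    ("vss_shadow_create", re.compile(
        r"(vssadmin(\.exe)?\s+create\s+shadow|wmic(\.exe)?\s+shadowcopy\s+call\s+create|diskshadow(\.exe)?)",
        re.I)),
    # Any direct reference to the database file outside normal AD operation.
    ("ntds_dit_access", re.compile(r"ntds\.dit", re.I)),
    # The SYSTEM hive holds the boot key needed to decrypt the hashes.
    ("system_hive_export", re.compile(r"reg(\.exe)?\s+save\s+HKLM\\SYSTEM", re.I)),
]


def match_rules(cmdline: str) -> list[str]:
    """Return the names of all rules that fire on one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def find_ntds_theft(events: Iterable[dict]) -> dict:
    """Group rule hits per host and rate how far the theft has progressed.

    high:     the database itself was exported or copied
    critical: the database AND the SYSTEM hive were taken, so every
              domain password hash is recoverable offline
    """
    per_host: dict[str, dict] = {}
    for ev in events:
        hits = match_rules(ev["cmdline"])
        if not hits:
            continue
        entry = per_host.setdefault(
            ev["host"], {"rules": set(), "users": set(), "severity": "medium"})
        entry["rules"].update(hits)
        entry["users"].add(ev["user"])
    for entry in per_host.values():
        took_db = bool(entry["rules"] & {"ntdsutil_ifm", "ntds_dit_access"})
        took_key = "system_hive_export" in entry["rules"]
        if took_db and took_key:
            entry["severity"] = "critical"
        elif took_db:
            entry["severity"] = "high"
    return per_host


if __name__ == "__main__":
    for host, finding in find_ntds_theft(SAMPLE_EVENTS).items():
        print(f"{host}: {finding['severity']} "
              f"rules={sorted(finding['rules'])} users={sorted(finding['users'])}")
```

The rules only see what 4688 records, so the "Audit Process Creation" subcategory and the "Include command line in process creation events" policy both need to be enabled on domain controllers for this to fire at all. The example covers file theft from the DC itself; replication-based hash theft (DCSync) does not create these processes and has to be caught separately from directory service access events.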
Co-op is now in the process of rebuilding all of its Windows domain controllers and hardening Entra ID with the help of Microsoft DART, with KPMG and AWS also assisting.
When BleepingComputer shared these details with Co-op yesterday, the company said it had nothing further to share and sent us its original statement.
DragonForce ransomware behind the attack
Earlier today, the BBC reported that an affiliate of the DragonForce ransomware operation is also behind the attack on Co-op.
BBC correspondent Joe Tidy spoke to the DragonForce operators, who confirmed they were behind the attack and shared samples of corporate and customer data stolen during it. The threat actors claim to have the data of 20 million people who signed up for Co-op’s membership rewards program.
The threat actors said they contacted Co-op’s cybersecurity staff and other executives using Microsoft Teams messages, sharing screenshots of the extortion messages with the BBC.
After the attack, Co-op sent an internal email warning employees to be careful when using Microsoft Teams and not to share any sensitive data, likely out of concern that the hackers still had access to the platform.
The threat actors also claimed to the BBC that they were behind the attempted cyberattack on Harrods.
DragonForce is a ransomware-as-a-service operation in which other cybercriminals can join as affiliates to use its ransomware encryptors and negotiation sites. In return, the DragonForce operators receive a share of any ransom payment made by victims.
In these attacks, the affiliates breach a network, steal data, and eventually deploy ransomware that encrypts files on all servers and workstations. The threat actors then demand a ransom payment in exchange for a decryptor and a promise that the stolen data will be deleted.
If the ransom is not paid, the ransomware operation usually publishes the stolen data on its dark web data leak site.
DragonForce is a relatively new operation but has become one of the more prominent players in the ransomware space.
It is believed to be working with English-speaking threat actors who fit a specific set of tactics known as “Scattered Spider” or “Octo Tempest”.
These threat actors are experts at using social engineering, SIM swapping, and MFA fatigue attacks to breach networks and then steal data or deploy ransomware. They are also known to aggressively extort their victims.
To be clear, Scattered Spider is not a gang or group with a specific membership. Instead, it is a loose community of financially motivated threat actors who gather on the same Telegram channels, Discord servers, and hacking forums.
Because they are “scattered” across the cybercrime landscape, it is harder for law enforcement to track down the individuals associated with a particular attack.
The original threat actors associated with the Scattered Spider classification were behind a string of attacks, including those on MGM and Reddit.
Some, if not all, of these original hackers have since been arrested in the US, the United Kingdom, and Spain.
However, new, previously unknown hackers or affiliates are now using similar methods to carry out attacks.
Cybersecurity researcher Will Thomas has put together a recommended guide on defending against Scattered Spider attacks.