The UK retailer co-up has confirmed that individual data of 6.5 million members were stolen and the system was shut down in a large-scale cyber attack in April and there was a lack of food in its grocery stores.
Co-up (small for cooperative group) is one of the United Kingdom’s largest consumer cooperative societies, operation food reserves, funeral services, insurance and legal services. It is owned by millions of members who exemption services and share it under the company’s rule.
The CEO of the co-op, Shirin Khauri-Hauq, apologized at the BBC breakfast show today, confirming that the attackers successfully stole data to all their 6.5 million members.
Khauri-Hauq said, “His data was copied, and criminals had access as they hack other organizations. It is unfortunately a terrible part of it.”
While no financial or transaction information was revealed in the attack, contact information for its members was stolen.
The CEO said that the violation seemed like a personal attack, not on it, but on the members and employees of the co-op.
“And it’s not about me. It was my colleagues. It was personal to me because it hurts them. It hurts my members. They took their data and it hurts our customers and I personally take,” he explained in the interview.
Cyberattack took place in April, forced to close several IT systems to cum-ups to stop several IT systems to prevent the danger actors to spread to the equipment and eventually stop the dragonforce ransomware encrypter.
Initially, as an intrusion into its network, the company later confirmed that a “significant” amount of data was accessed and stolen during the attack.
Sources told Bleepingcomputer at the time that the breech was initially on April 22, when the danger actors carried out a social engineering attack, which allowed him to reset an employee’s password.
Once they get access to the network, they spread to other devices and eventually stole the Windows Domain’s Windows Ntds.Dit file. This file is a database for Windows Active Directory Services that contains a password hash for Windows accounts.
Threatening actors usually steal this file to remove and crack offline passwords, allowing them to spread in other devices on the network.
Bleepingcomputer was told that the attack was linked to the threats related to the scattered spider, who were associated with the Marx and Spencer (M&S) Cyberlack, where the dragonforce ransomware was deployed.
The BBC reported that he spoke to the Dragonforce Rainmware operator about the co-op, who confirmed that one of its collaborative attacks. He also shared data samples with the BBC, claiming that corporate and customer data of co-op were stolen during the attack.
Last week, the UK’s National Crime Agency (NCA) suspected four people to join the attacks on co-up, M&S, and made an attempt on Harrods.
The arrested person is a two -year -old man, a 17 -year -old man, and a 20 -year -old woman, who was arrested in London and West Midlands.
it is Informed One of the arrested suspects is associated with 2023 attacks on MGM Resorts, resulting in an encryption of more than 100 VMware ESXI virtual machines.
The MGM attack was also attributed to the scattered Spider, who was working with a blackcat ransomware operation at that time.
While cloud attacks can be more sophisticated, the attackers still succeed with surprisingly simple techniques.
Drawing by the detection of Vij in thousands of organizations, this report reveals the 8 major techniques used by Claude-Floid danger actors.
