Hitachi Energy, a subsidiary of Hitachi, was breached by the Clop ransomware group. The incident was confirmed by the organization and occurred due to the Forta’s GoAnywhere hack.
It is currently unknown whether a ransom was demanded or services were disrupted. However, the website remains accessible following the alleged cyberattack.
Cybersecurity researcher Dominic Alvieri tweeted about the Hitachi Energy cyberattack.
Acknowledging the security incident, Hitachi released an official statement. “We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group that could have resulted in an unauthorized access to employee data in some countries.”
The Cyber Express has reached out to Hitachi Energy, however, is yet to receive a response from them.
The Clop ransomware attacks
The Clop ransomware group has broken LockBit’s record in posting the highest number of victims on its leak site in a day.
According to Alvieri the Clop ransomware group added 26 posts with victims on March 17, more than LockBit’s record. Onex, Rubrik, Rio Tinto, etc., were named among the other 26 victims.
LockBit has been the most active ransomware group with Clop following closely according to a Heimdal report that listed it on top among other groups.
In a few days, Clop has listed several GoAnywhere cyberattack victims as well including Accreditation Commission for Education in Nursing (ACEN).
The Clop ransomware group earlier known as TA505 was discovered by security researchers in February 2019 and, after launched a spear-phishing attack. The group functioned as ransomware-as-a-service.
The developers and operators of the ransomware group seem skilled with detection evasion as it used a digitally signed binary that made it look legitimate and evade detection. The group started double extortion—the exfiltration and encrypting of data for ransom in April 2020.
Clop targets between January 2021 to January 2022
According to a survey conducted from January 2021 to January 2022, the United States of America was the country with the highest number of cyberattack attempts per machine by the Clop ransomware group, with 2,214 attempts per machine.
Spain followed in second place with 505 attempts, while Mexico, India, and the Philippines trailed behind the USA. Other countries surveyed included Brazil, Singapore, Hong Kong, Germany, and the United Kingdom.
The healthcare sector experienced the highest number of cyberattack attempts per machine by Clop, with 959 attempts, followed by finance with 150 attempts.
The media industry experienced 53 attempts, with real estate, food and beverages, manufacturing, technology, and materials following.
The government sector suffered five cyberattack attempts, and banking was tenth with four cyberattack trials. The group was detected making the highest number of cyberattack attempts in June 2021, with 784 machines targeted, and 663 in March.
Leave a Reply