Notorious ALPHV ransomware group has claimed the Dalumi Group cyber attack.
Dalumi Group, a leading player in the global diamond and jewelry industry, is the sightholder of diamond company De Beers and has manufacturing facilities in Botswana, Israel, China and India.
A sightholder is a company on the De Beers Global Sightholder Sales’s (DBGSS) list of authorized bulk purchasers of rough diamonds.
According to the ransomware group’s post, the threat actor attacked the company and uploaded the stolen data to its dark web website on April 4, 2023.
“Beauty is in the eyes of the beholder, but in diamonds there is more than meets the eye,” read the post by ALPHV ransomware group.
While there is no mention of a ransom demand, the ALPHV ransomware group may attempt to negotiate with the company. The Dalumi Group cyber attack has not been confirmed by the company.
In these types of cases, it’s a common tactic used by ransomware groups to pressure the victim into a ransom deal while the threat actor holds the victim’s data hostage and extorts them for a hefty payout.
ALPHV Ransomware Behind Dalumi Group Cyber Attack
Dalumi Group is a New York-headquartered diamond company with operations based in Israel, with over 50 years of experience in the industry.
Following the ransomware groups’ claim of Dalumi Group cyber attack, The Cyber Express team has contacted Dalumi Group for more information on the incident. However, the company is yet to respond or release an official statement.
If the claims by ALPHV ransomware group are true, then the information stored on Dalumi Group’s network could potentially be exposed, causing irreparable damage to the company’s reputation and trust with its stakeholders.
As the threat of cyber attacks continues evolving, companies must prioritize their cybersecurity measures. This includes regular security assessments, employee training, and investing in the latest technology to prevent breaches.
In the case of Dalumi Group, it’s unclear whether they had taken the necessary precautions to protect themselves from cyber threats. However, this incident is a stark reminder to all organizations that cybersecurity should never be taken lightly.
Dalumi Group cyber attack, diamond industry, and more
Dalumi Group is a sightholder of De Beers, one of the world’s largest diamond companies. It means that the group has a direct supply agreement with De Beers to purchase rough diamonds.
The company is involved in every stage of the diamond production process, from sourcing rough diamonds to cutting, polishing, and selling the final product, spreading the possible damage of a possible data across the sector.
Diamond manufacturing and marketing industry has been a preferred victim of cybercriminals.
In December 2022, ESET researchers uncovered a series of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong.
Attributed to an Iranian advanced persistent threat (APT) actor known as Agrius, the wiper called Fantasy was thought to have been delivered via a supply-chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022.
According to ESET researcher Adam Burgher, the Fantasy wiper is built on the foundations of the previously reported Apostle wiper but does not attempt to masquerade as ransomware as Apostle originally did.
Instead, it wipes data immediately, and victims include HR firms, IT consulting companies, and diamond wholesalers.
The Agrius group has been active since at least December 2020 and leverages known security flaws in internet-facing applications to drop web shells that facilitate reconnaissance, lateral movement, and the delivery of final-stage payloads.
The first attack was detected on February 20, 2022, when the actor deployed credential harvesting tools in the IT network of a South African organization.
On March 12, 2022, Agrius initiated the wiping attack via Fantasy before striking other companies in Israel and Hong Kong on the same date.
