The 8BASE ransomware group has disclosed information regarding a cyberattack targeting the website of Delaney Browne Recruitment, an England-based recruitment agency. The hackers assert that they have acquired personal data and other pertinent information as a result of the purported Delaney Browne cyber attack on the organization’s systems.
The website of the recruitment agency serving the counties of Berkshire and Buckinghamshire was accessible after the alleged Delaney Browne cyber attack.
Despite inquiries made by The Cyber Express, the implicated company has yet to respond regarding the claimed cyber attack on Delaney Browne.
Details posted by 8BASE about the Delaney Browne cyber attack
8BASE, a ransomware group, active since 2022, claimed that they have the following details from the Delaney Browne cyber attack –
- Invoice
- Receipts
- Accounting documents
- Personal data
- Certificates
- Employment contracts
- Confidentiality agreements
- Personal files of employees and clients
The hackers from 8BASE have the above-exfiltrated data on their servers from the Delaney Browne cyber attack.
The screenshot above, depicting the 8BASE dark web portal, was shared by the Threat Intelligence Service Falcon Feeds, affirming their responsibility for the cyber attack on Delaney Browne Recruitment.
Stealing recruitment data could suggest that the hackers may leverage it to launch social engineering attacks with targeted emails about jobs.
It is recommended to avoid clicking on any links in a job-related email that requests a password reset or prompts you to download content via the provided link.
Job frauds have been found in established portals including LinkedIn. Hence, those using the recruitment portal must share their data responsibly and change their account passwords.
Cyber attacks launched by 8BASE ransomware group
8BASE ransomware group recently claimed cyber attacks on several organizations including Traffic Tech (Gulf), Telepizza, Quikcard Solutions Inc., and Dental One among others.
Addressing the tactics used by 8BASE, a Vmware report stated, “The group utilizes encryption paired with “name-and-shame” techniques to compel their victims to pay their ransoms.”
Ransomware deployed by the 8BASE ransomware group have been found appending encrypted files with a “.8base” extension. They target organizations across sectors and name them on their dark web portal.
However, not much has been found about the underlying motives of the 8BASE ransomware group. Although the group has been found in March 2022, researchers suspect otherwise.
“The speed and efficiency of 8Base’s current operations do not indicate the start of a new group but rather signify the continuation of a well-established mature organization,” added the Vmware report.
Moreover, it was speculated that 8BASE has a lot in common with operations observed in the past related to other groups.
A careful examination of the verbiage employed by the 8BASE ransomware group has led to the identification of parallels with the group known as RansomHouse. The ransom note by the 8BASE ransomware group had a 99% match with that of RansomHouse.
8BASE has launched several cyber attacks in June 2023 and often call themselves, “Simple Pentesters”. They offer information about the companies they attack in their Frequently Asked Questions and Rules section on their dark web portal.
8BASE mostly targeted Business Services, followed by finance, manufacturing, information technology, and healthcare among others.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
