The Hive ransomware group has claimed to have hacked APM Terminals Quetzal (Terminal de Contenedores Quetzal), the Guatemalan arm of APM Terminals, a multinational port operating company headquartered in The Hague, Netherlands.
In its leak site post, the ransomware group claimed that it encrypted the company's systems on 17 October, and that this was disclosed on 7 November. The post did not disclose details of the encrypted data or of any communications with the company.
#HiveLeaks #ransomware group claims to have hacked #APM Terminals Quetzal ( Terminal de Contenedores Quetzal – @APMTerminals), a port operating terminal in Guatemala 🇬🇹… pic.twitter.com/mMRw76gtFx
— BetterCyber (@_bettercyber_) November 7, 2022
APM Terminals is a unit of Danish shipping company Maersk’s transport and logistics division. It operates 74 port and terminal facilities in 40 countries on five continents, with five new port projects in development.
The company manages over 100 inland services operations providing container transportation, management, maintenance and repair in 38 countries. In 2018, Drewry Shipping Consultants ranked APM Terminals as the world’s fifth largest container terminal operator in terms of the scale of operation.
Logistics and Cybersecurity
Large logistics companies have been in the cybersecurity news as the preferred targets for ransomware gangs, due to the scale of operations and the impact an attack could have on public life. The four largest shipping businesses in the world have succumbed to ransomware attacks in the past five years.
APM-Maersk has been one of the biggest global ransomware attack casualties. The 2017 NotPetya attack forced a complete infrastructure overhaul and the reinstallation of thousands of machines, costing the company about $300 million.
French shipping giant CMA CGM faced ransomware attacks in September 2020 and 2021. Its peer Mediterranean Shipping Company was hit in April 2020, and Chinese shipping major COSCO was brought down for weeks in July 2018.
“The Transportation Systems Sector faces a multitude of cyber threats at the hands of criminals, hackers, insiders, and nation-state actors,” said a CISA cybersecurity briefing.
“Interdependencies between layers of air, rail, and maritime transportation systems provide actors with opportunities to perform operations leveraging a variety of attack surfaces.”