Nokoyawa, a relatively new threat group believed to be connected to Hive, has targeted Nexon Asia Pacific, an information technology company headquartered in Sydney, New South Wales, Australia. The company tweeted to claim that it has not fallen victim to the Nokoyawa leak.
Nokoyawa Leaks posted Nexon Asia Pacific on its leak site as its one and only victim. Screenshots in the post hinted at the company’s government contracts.
In reply to a tweet by Cyberknow, the company denied that it was a data leak victim.
“As a digital consulting and managed service provider our offerings include specialised security and internet services. We assure all prospects and clients that we have not fallen victim to the Nokoyawa leak,” read the tweet.
— Nexon Asia Pacific (@NexonAP) December 14, 2022
Nokoyawa and the Hive connection
In March 2022, Trend Micro shared an in-depth report on a ransomware gang named Nokoyawa. The ransomware used by the threat actor, Nokoyawa, was relatively new and was believed to be connected to Hive.
“Some of the indicators we’ve observed being shared by both Nokoyawa and Hive include the use of Cobalt Strike as part of the arrival phase of the attack, as well as the use of legitimate, but commonly abused, tools such as the anti-rootkit scanners GMER and PC Hunter for defense evasion. Other steps, such as information gathering and lateral deployment, are also similar,” noted the Trend Micro report.
The evidence collected by the threat research company includes several documents, among them some government-related documents posted by the threat group on dark web forums. Trend Micro believes that Nokoyawa and Hive are similar to each other in terms of their attack patterns, chain of infection, and even the tools they use to deploy the malware into the victim’s system.
Before this particular attack, most of Nokoyawa’s targets were located in South America, primarily in Argentina. On the other hand, Nexon Asia Pacific is an IT company that provides technical support to the Australian Government and has been involved in many government projects and advisories.