
Qilin Ransomware Gang Claims Cyberattack on Japanese Beer Giant Asahi

 

The Qilin ransomware group has claimed responsibility for the recent cyberattack on Japanese brewing giant Asahi, adding the company’s name to its dark web data leak site. The cybercriminals alleged that they had stolen over 9,300 files amounting to 27GB of confidential data, including financial documents, employee identification records, contracts, and internal reports. To substantiate their claims, the group published 29 images showing snippets of the stolen files. 

Asahi, Japan’s largest beer manufacturer, employs around 30,000 people and produces approximately 100 million hectoliters annually, generating close to $20 billion in revenue. The company suffered significant operational disruptions following the attack. On September 29, Asahi temporarily halted production at six of its domestic facilities, later confirming on October 3 that a ransomware attack had crippled its systems and led to data exfiltration. 

At first, no threat actor took public credit for the breach. However, the Qilin ransomware group eventually listed Asahi among its victims, likely after ransom negotiations failed. Qilin, which emerged in 2023, is known as a multi-platform ransomware operation capable of targeting both Windows and Linux systems. The group has been associated with other notorious hacker collectives such as Scattered Spider and, more recently, North Korean state-linked actors. 

Qilin’s tactics include exploiting vulnerabilities in edge network devices, deploying credential theft tools, and developing sophisticated encryption mechanisms to hinder recovery. The group has previously targeted high-profile organizations including Nissan, Inotiv, Lee Enterprises, major hospitals within London’s NHS network, and automotive supplier Yanfeng.

In its post, Qilin claimed that the Asahi ransomware attack could result in losses exceeding $335 million due to production halts affecting six breweries and more than thirty beer labels. Despite the claims, Asahi has not verified the authenticity of the leaked files. In a statement to BleepingComputer, a company spokesperson confirmed that the matter remains under active investigation and declined to comment further. 

The company also shared that production of its flagship beer, Super Dry, has resumed through a temporary manual ordering system. While Asahi’s factories are not yet operating at full capacity, shipments for additional labels are expected to restart by October 15. However, as a direct consequence of the cyberattack and ongoing disruptions, Asahi announced it would delay the launch of new products that were initially planned for October 2025. 

The attack on Asahi underscores the growing reach and sophistication of ransomware groups like Qilin, whose increasingly destructive campaigns continue to target global corporations across industries, threatening both economic stability and consumer trust.

Mortgage Lender Hacked, Customer Credit Card Details Leaked on Dark Web

 

The non-bank mortgage lender Firstmac has been hit by a cyberattack, resulting in the theft and publication of customer details such as credit card numbers, passport numbers, Medicare numbers, and driver’s licence details on the dark web.

Firstmac, a major non-bank lender based in Brisbane, informed its customers via a letter that an unauthorized party had breached its IT systems. The company stated, “Our ongoing investigation has found evidence that some personal information of our customers has been accessed.”

Firstmac assured affected individuals that they were being notified directly and advised on steps to protect themselves from scams or phishing attempts, in accordance with regulatory requirements. The firm also mentioned that relevant authorities had been informed and were being kept updated on the investigation’s progress.

The technology publication Cyberdaily reported that the hackers responsible for the attack had posted a significant amount of data on the dark web. The ransomware group EMBARGO claimed responsibility for the hack, which occurred in April, and had set a ransom deadline of May 8. Cyberdaily provided screenshots from EMBARGO’s website showing customer addresses, financial details, and email addresses, as well as the contact details of several Firstmac executives and IT team members.

The extent of the breach in terms of affected customers and employees remains unclear. Firstmac was contacted for additional comments on the situation.

Firstmac announced that it had enlisted IDCARE, Australia’s national identity and cyber support service, to assist customers. IDCARE’s services are available at no cost to affected individuals, with expert Case Managers ready to address concerns about the potential misuse of personal information.

The company emphasized that its systems were functioning normally, operations were unaffected, and customer funds were secure. They stated there was no evidence of any impact on customer accounts.

This incident is part of a growing trend of cyberattacks on high-profile Australian organizations. According to the Australian Signals Directorate, over 127,000 hacks against Australian servers were recorded in the 2022-23 financial year, marking a 300% increase from the previous year.

Last year, a data breach at Melbourne travel agency Inspiring Vacations exposed about 112,000 records, totaling 26.8 gigabytes of data, due to a database that was not password-protected. This breach adds to a list of incidents affecting companies such as Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World, and Dymocks, reflecting a “new normal” of frequent attacks and data leaks.

The Optus breach, in particular, led to new legislation imposing stricter penalties for serious or repeated customer data breaches. Companies failing to protect data now face fines exceeding $50 million.

Attorney-General Mark Dreyfus emphasized the need for robust data protection, stating, “When Australians are asked to hand over their personal data they have a right to expect it will be protected,” and noted that recent significant breaches demonstrated the inadequacy of existing safeguards.

Australia recently abandoned plans to ban ransomware payments, instead opting for mandatory reporting obligations. Research by IT firm Cohesity found that 92% of Australian IT executives would pay a ransom to recover data and restore business processes, with a significant number willing to pay over $US3 million, and some over $US5 million.

Cybersecurity Minister Clare O’Neil highlighted the issues with paying ransoms, stating, “Every time a ransom is paid, we are feeding the cybercrime problem,” and stressed the need for more foundational work before considering a ban on ransom payments.