Cicada3301 Ransomware Claims Attack on French Peugeot Dealership

SUMMARY

  • Cicada3301 ransomware group claims to have breached Concession Peugeot, stealing 35GB of sensitive data.
  • The group operates a Ransomware-as-a-Service (RaaS) model with a 20% fee.
  • First observed in June 2024, their ransomware targets Windows and Linux/ESXi systems.
  • Cicada3301 shares similarities with BlackCat, using ChaCha20 encryption and similar tactics.
  • Leaked data includes invoices, passport copies, and internal communications.

Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data, marking a continuation of their aggressive cyber campaigns.

Screenshot from Cicada3301 ransomware’s dark web leak site (Screenshot: Hackread.com)

The alleged breach was announced by the group over the weekend (Sunday, December 15, 2024) on its official dark web leak site. It is also worth noting that although the name Cicada3301 was historically associated with cryptographic puzzles in the early 2010s, it has since been co-opted by the ransomware group operating under a Ransomware-as-a-Service (RaaS) model.

This model allows affiliates to carry out attacks by renting the ransomware infrastructure and splitting the proceeds with the operators. Check Point’s report in September 2024 also discusses Cicada3301, which posted an advertisement on a Russian-language underground forum offering ransomware-as-a-service. The group demands a 20% fee on successful attacks and even provides negotiation mechanisms for disputes among partners.

The Cicada3301 ransomware group was first identified by cybersecurity firm Truesec and observed in June 2024. Written in Rust, the ransomware can target both Windows and Linux/ESXi systems, showcasing its cross-platform capabilities.

Cicada3301 has notable similarities to ALPHV/BlackCat ransomware, including the use of ChaCha20 encryption, identical commands to shut down virtual machines, and the -ui commands that provide graphic output for encryption. Both groups also share a similar file-naming pattern and key parameters used to decrypt ransom notes. These overlaps suggest a shared connection or the adoption of proven techniques to maximize efficiency and impact.

The attack on Concession Peugeot aligns with Cicada3301’s strategy of targeting high-value organizations to maximize impact. The theft of 35GB of data is particularly concerning, as a screenshot of the leaked files, reviewed by Hackread.com, shows official and internal communications, invoices, passport copies, and even recipes.

Screenshot from Cicada3301 ransomware’s dark web leak site (Screenshot: Hackread.com)

Editor’s Note

The fact that Concession Peugeot operates under the official subdomain concessions.peugeot.fr creates a closer association with the larger Peugeot brand. Large companies like Peugeot often let their authorized dealerships use subdomains to maintain a consistent online presence and make it easier for customers to trust their services.

However, this setup means that an attack on a dealership can easily look like an attack on the main company. While this breach only targeted the dealership, the use of Peugeot’s domain could lead to confusion and raise questions about security across the brand.
