Threat Actor GhostR Says They Stole 846 GB of Data
Financially motivated hackers with a track record of data breaches claimed on a criminal forum to have stolen data from Australian logistics company Victorian Freight Specialists.
The threat actor known as GhostR claimed in a Tuesday post on BreachForums that the group possesses 846 gigabytes of company data taken on May 26. Sample data appears to include internal data taken from an SQL database and screenshots of logon screens. Information Security Media Group could not immediately verify the legitimacy of the data. The company website appeared to briefly go dark, although it is currently working. Victorian Freight Specialists did not immediately respond to a request for comment.
GhostR only recently courted notoriety by threatening to release records stolen from World-Check, a screening database that banks and other institutions use to combat financial crimes and enforce government sanctions (see: Hacker Threatens to Expose Sensitive World-Check Database).
The threat actor posted data including a spreadsheet containing the names of members of royal families from across the globe, a random sampling of which contains accurate information. GhostR also published spreadsheets listing identified terrorists, which also appear to refer to real persons. None of the spreadsheets appear to contain contact information or other potentially sensitive information beyond birthdate.
BreachForums is an English-language criminal forum the FBI recently attempted to seize. Site administrators say they were able to reestablish operations on a seized domain after a registrar based in Hong Kong restored its account, allowing them to re-take control before shifting to a different registrar.
The site has since hosted data of high-profile breaches, including from TicketMaster and Spanish multinational bank Santander.
Tom Kellermann, senior vice president of cyber strategy at Contrast Security, said GhostR is intent on cyber extortion via doxing. “This type of cybercrime is growing in popularity. Organizations must invest in runtime security to prevent exploitation of their databases and invest in micro segmentation and modern DLPs to minimize the impact of these intrusions,” Kellermann told Information Security Media Group.
With reporting from ISMG’s David Perera in Washington, D.C.