Summary: Swiss telecommunications provider Ascom recently issued an advisory stating that it is investigating a cyberattack that compromised its technical ticketing system. The company gave assurances that other IT and customer systems remain unaffected and that there has been no disruption to business operations. The Hellcat ransomware group has taken responsibility for the attack, claiming to have stolen 44GB of data, including internal reports, sales documents, confidential contracts, and development tools. Ascom is currently assessing the validity of these claims and determining the full scope of the breach.
While the company has not shared additional details, this incident follows a series of attacks attributed to the Hellcat ransomware group. Previous targets include prominent organizations such as Schneider Electric, Telefónica, Orange Group, and, more recently, Jaguar Land Rover (JLR). Notably, in all of these cases, the attackers gained access through Jira servers by leveraging stolen credentials.
Security Officer Comments: Jira is a project management and issue-tracking platform widely used by software developers and IT teams to manage projects. It often stores sensitive data, including source code, authentication keys, IT plans, customer information, and internal project discussions, making it an attractive target for actors like HellCat. While Ascom did not specify the details of the breached ticketing system, it is likely that the company uses Jira for ticket management, especially considering the recent wave of attacks attributed to HellCat, in which Jira servers were exploited to gain access.
In the attack targeting JLR, HellCat first compromised an LG Electronics employee who had third-party credentials to JLR’s Jira server. These credentials were obtained after the LG employee fell victim to an infostealer campaign. Researchers noted that the compromised credentials had been exposed for several years but remained valid, allowing the attackers to take advantage of them.
Suggested Corrections: Infostealers are often distributed through phishing emails or malicious websites that host fake software downloads. These types of attacks are designed to trick users into revealing sensitive information, such as login credentials, which can then be exploited by ransomware groups like HellCat. Since HellCat has been known to leverage infostealers to gain access to sensitive Jira credentials, it is crucial for users to exercise caution when interacting with unsolicited emails. In general, avoid clicking on links or opening attachments from unknown senders and refrain from downloading software from untrusted third-party sites. Furthermore, regularly audit and rotate credentials to minimize the risk of long-term exposure. By proactively managing sensitive credentials and being vigilant against phishing attempts, users can significantly reduce the likelihood of falling victim to these types of attacks.
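The credential audit recommended above can be run as a scheduled check over an account inventory. The following is an added example, not part of the original advisory and not a Jira export format: the column names, account names, and policy thresholds are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; column names are hypothetical.
SAMPLE = """account,owner_org,kind,last_rotated,last_login
alice,internal,password,2025-01-10,2025-03-01
svc-build,internal,api_token,2021-06-02,2025-03-02
vendor-ext01,third_party,password,2020-02-14,2023-11-20
bob,internal,password,2024-04-01,
"""

MAX_AGE_DAYS = {"internal": 90, "third_party": 30}  # assumed rotation policy
DORMANT_DAYS = 180  # assumed: no login for this long means disable, not rotate


def load(text):
    """Parse the inventory CSV into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(rows, today):
    """Return (account, action, reason) for every credential needing attention."""
    findings = []
    for r in rows:
        age = (today - date.fromisoformat(r["last_rotated"])).days
        # Unknown owner types fall back to the strictest limit.
        limit = MAX_AGE_DAYS.get(r["owner_org"], min(MAX_AGE_DAYS.values()))
        login = r["last_login"].strip()
        idle = (today - date.fromisoformat(login)).days if login else None
        if idle is None or idle > DORMANT_DAYS:
            # Unused yet still valid: a stolen copy keeps working indefinitely.
            findings.append((r["account"], "disable", f"dormant, credential {age}d old"))
        elif age > limit:
            findings.append((r["account"], "rotate", f"{age}d old, limit {limit}d"))
    return findings


if __name__ == "__main__":
    for account, action, reason in audit(load(SAMPLE), date(2025, 3, 15)):
        print(f"{account:14} {action:8} {reason}")
```

Third-party accounts get a shorter limit here because the organization cannot see whether the partner's endpoint has been hit by an infostealer.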
Link(s): https://www.bleepingcomputer.com/news/security/hellcat-hackers-go-on-a-worldwide-jira-hacking-spree/