APT73 Ransomware Attack on MELTING MIND GmbH: A Closer Look

Incident Date:

April 26, 2024

Overview

Victim

MELTING MIND GmbH

Attacker

APT73

Location

Lübeck, Germany

First Reported

April 26, 2024

Ransomware Attack on MELTING MIND GmbH by APT73

Company Profile

MELTING MIND GmbH, based in Lübeck, Germany, specializes in providing secure IT infrastructure, virtualization, and digitalization solutions. As a partner of the StartUp-Accelerator GATEWAY49, the company supports emerging businesses across various sectors including Energy, Construction, Life Science, Food, Aerospace, and Logistics.

Details of the Attack

The ransomware group APT73 has recently claimed responsibility for an attack on MELTING MIND GmbH. The attack involved the exfiltration of sensitive data, including employee credentials. The incident was publicized on the group's dark web leak site, where the group also released samples of the stolen data. Notably, the specifics of the ransom demand were not disclosed, which diverges from typical ransomware operations, where demands are usually made clear. APT73 is a group that emerged in late April; it has 4 attacks attributed to it, including this one on the German company.

Company Size and Industry Standing

MELTING MIND GmbH operates with a small team of 2-10 employees, according to professional networking sites such as LinkedIn and RocketReach. Despite its modest size, the company plays a crucial role in supporting the IT infrastructure needs of various industries and has established itself as a key player in the regional startup ecosystem.

Vulnerabilities and Target Attractiveness

The combination of MELTING MIND's involvement in securing IT infrastructures and its partnerships with numerous startups makes it an attractive target for cybercriminals. The company's access to a wide range of sensitive information and its pivotal role in the digital transformation of various businesses could potentially offer multiple vectors for cyber attacks. The small size of the company might also imply limited resources dedicated to cybersecurity, which can be an additional vulnerability.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.