APT73 Ransomware Attack on MELTING MIND GmbH: A Closer Look
Incident Date: April 26, 2024
Overview
Victim: MELTING MIND GmbH
Attacker: APT73
Location:
First Reported: April 26, 2024
Ransomware Attack on MELTING MIND GmbH by APT73
Company Profile
MELTING MIND GmbH, based in Lübeck, Germany, specializes in providing secure IT infrastructure, virtualization, and digitalization solutions. As a partner of the StartUp-Accelerator GATEWAY49, the company supports emerging businesses across various sectors including Energy, Construction, Life Science, Food, Aerospace, and Logistics.
Details of the Attack
The ransomware group APT73 has recently claimed responsibility for an attack on MELTING MIND GmbH. The attack involved the exfiltration of sensitive data, including employee credentials. The incident was publicized on the group's dark web leak site, where the group also released samples of the stolen data. Notably, the specifics of the ransom demand were not disclosed, which diverges from typical ransomware operations, where demands are usually made clear. APT73 emerged in late April and has 4 attacks to its name, including this one on the German company.
Company Size and Industry Standing
MELTING MIND GmbH operates with a small team of 2 to 10 employees, according to professional networking sites such as LinkedIn and RocketReach. Despite its modest size, the company plays a crucial role in supporting the IT infrastructure needs of various industries and has established itself as a key player in the regional startup ecosystem.
Vulnerabilities and Target Attractiveness
The combination of MELTING MIND's involvement in securing IT infrastructures and its partnerships with numerous startups makes it an attractive target for cybercriminals. The company's access to a wide range of sensitive information and its pivotal role in the digital transformation of various businesses could potentially offer multiple vectors for cyber attacks. The small size of the company might also imply limited resources dedicated to cybersecurity, which can be an additional vulnerability.