Cicada 3301 Ransomware Breach Exposes Model Engineering Data

Incident Date: September 24, 2024

Overview

Title: Cicada 3301 Ransomware Breach Exposes Model Engineering Data
Victim: Model Engineering
Attacker: Cicada 3301
Location: Dubai, United Arab Emirates
First Reported: September 24, 2024

Ransomware Attack on Model Engineering by Cicada 3301

Model Engineering, a distinguished architectural and engineering consulting firm based in Dubai, UAE, has recently been targeted by the ransomware group Cicada 3301. The attack, disclosed on September 23, resulted in the exfiltration of 111 GB of sensitive data, now available on the dark web. This breach poses significant risks to the firm's operations and client confidentiality.

About Model Engineering

Established in 1972, Model Engineering is a leader in the architectural and engineering sector, known for its innovative designs and commitment to sustainability. The firm has completed over 720 projects, including high-rise towers and luxury homes, across the Emirates. Their core design philosophy emphasizes contextuality, sustainability, efficiency, and a people-centric approach. The company employs advanced technologies like Building Information Modeling (BIM) to enhance project efficiency and foster collaboration among stakeholders.

Vulnerabilities and Targeting

Model Engineering's reliance on advanced technologies, such as BIM, and its extensive use of digital platforms may have made it an attractive target for cybercriminals. The firm's operations in a competitive industry, coupled with the valuable data it handles, likely increased its vulnerability to ransomware attacks. The attack by Cicada 3301 highlights the growing threat to businesses that manage sensitive information and rely heavily on digital infrastructure.

Attack Overview

Cicada 3301, a ransomware-as-a-service group, is known for its focus on data exfiltration and extortion rather than traditional ransom payments. The group employs a double-extortion model, threatening to release stolen data if demands are not met. In this case, the group managed to infiltrate Model Engineering's systems, exfiltrating a substantial amount of data before making it publicly available on their dark web leak site.

About Cicada 3301

Cicada 3301 distinguishes itself by prioritizing data brokerage over immediate ransom payments. The group uses sophisticated techniques, including phishing campaigns and brute-forcing VPN credentials, to gain initial access. Their ransomware employs ChaCha20 encryption and is written in Rust, supporting both Windows and Linux environments. This attack on Model Engineering underscores the group's capability to target and exploit vulnerabilities in organizations with valuable data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.