CTS Hit by Cactus Ransomware: 93GB Data Breach Highlights Cybersecurity Flaws
Incident Date:
June 10, 2024
Overview
Victim
Connection Technology Systems Inc. (CTS)
Attacker
Cactus
Location
First Reported
June 10, 2024
Ransomware Attack on Connection Technology Systems Inc. by Cactus Group
Overview of Connection Technology Systems Inc. (CTS)
Connection Technology Systems Inc. (CTS) is a prominent provider of advanced networking solutions, specializing in fiber optic communication devices, Ethernet switches, media converters, and industrial networking solutions. Founded in Taiwan in 1998, CTS has grown to serve over 350 customers in more than 40 countries, with a 97.8% customer satisfaction rate. The company is publicly traded and has its headquarters in Taipei, Taiwan, with additional offices in Sweden, Austria, Japan, and the U.S.
Details of the Ransomware Attack
On June 11, 2024, CTS fell victim to a ransomware attack orchestrated by the Cactus ransomware group. The attack resulted in a data breach of 93GB, significantly impacting the company's operations. The Cactus group claimed responsibility for the attack via their dark web leak site, highlighting the vulnerabilities in CTS's cybersecurity defenses.
About the Cactus Ransomware Group
The Cactus ransomware group, first identified in March 2023, operates as a ransomware-as-a-service (RaaS) operation. Known for exploiting vulnerabilities such as ZeroLogon (CVE-2020-1472), the group employs sophisticated techniques to disable security tools and distribute ransomware. Their unique encryption methods, including the use of custom scripts and batch files, make them a formidable threat in the cybersecurity landscape.
Penetration and Impact
Cactus ransomware affiliates likely penetrated CTS's systems by exploiting known vulnerabilities and leveraging malvertising lures. Once inside, they used custom scripts to disable security tools and deployed the ransomware, encrypting files with the extension “.cts1”. The attack underscores the importance of robust cybersecurity measures, especially for companies like CTS that operate in critical sectors such as manufacturing and telecommunications.