Cyberattack on Apollo Aerospace Components: A Ransomware Threat by Dunghill Leak
Incident Date: April 15, 2024
Overview
Title: Cyberattack on Apollo Aerospace Components: A Ransomware Threat by Dunghill Leak
Victim: Apollo Aerospace Components
Attacker: Dunghill
Location:
First Reported: April 15, 2024
Ransomware Attack on Apollo Aerospace Components by Dunghill Leak
Company Profile
Apollo Aerospace Components, with an estimated annual revenue of $25.3 million and a workforce of 103 employees, is a notable entity in the aerospace manufacturing sector. The company has shown significant growth, with a 36% increase in employee count last year. Its Polish subsidiary, Apollo Aerospace Components Sp. z o.o., reported a net sales revenue increase of 120.04% in 2021; it currently employs 4 people and operates in the Wholesale Trade Agents and Brokers sector.
Ransomware Attack Details
The ransomware group Dunghill Leak, also known as the Dark Angels Team, has claimed responsibility for a cyberattack on Apollo Aerospace Components. The group, which emerged in 2023, is known for high-profile attacks and multimillion-dollar ransom demands, often targeting companies based on their cyber insurance coverage. Dunghill Leak uses a double extortion tactic: it steals sensitive data before encrypting the victim's systems, then threatens to release the data publicly if the ransom is not paid.
Technical Aspects of the Attack
Initially, Dunghill Leak used the stolen Babuk ransomware source code to build its own encryptor. The group has also been observed using a tailored version of the Ragnar Locker ransomware. Recently, it has developed a custom encryptor, enhancing its capability to breach and compromise corporate networks.
Vulnerabilities and Target Selection
The victim's significant growth and expansion, combined with its substantial revenue and increase in headcount, likely made it an attractive target for Dunghill Leak. Organizations in the manufacturing sector, particularly those involved in aerospace components, often hold valuable intellectual property and sensitive data, which increases their risk of being targeted by sophisticated cybercriminal groups like Dunghill Leak.