Cyberattack on Apollo Aerospace Components: A Ransomware Threat by Dunghill Leak

Incident Date: April 15, 2024

Overview

Victim: Apollo Aerospace Components
Attacker: Dunghill
Location: Brierley Hill, United Kingdom
First Reported: April 15, 2024

Ransomware Attack on Apollo Aerospace Components by Dunghill Leak

Company Profile

Apollo Aerospace Components, with an estimated annual revenue of $25.3 million and a workforce of 103 employees, is a notable entity in the aerospace manufacturing sector. The company has shown significant growth, with a 36% increase in employee count last year. Its Polish subsidiary, Apollo Aerospace Components Sp. z o.o., reported a net sales revenue increase of 120.04% in 2021; it currently employs 4 individuals and operates in the Wholesale Trade Agents and Brokers sector.

Ransomware Attack Details

The ransomware group Dunghill Leak, also known as the Dark Angels Team, has claimed responsibility for a cyberattack on Apollo Aerospace Components. This group, which emerged in 2023, is known for its high-profile attacks and demands for multi-million dollar ransoms, often targeting companies based on their cyber insurance coverage. Dunghill Leak employs a double extortion tactic, which involves stealing sensitive data before encrypting the victim's systems and threatening to release the information publicly if the ransom is not paid.

Technical Aspects of the Attack

Initially, Dunghill Leak utilized the stolen Babuk ransomware source code to craft their own encryptor. They have also been observed using a tailored version of the Ragnar Locker ransomware. Recently, the group has developed a custom encryptor, enhancing their capability to breach and compromise corporate networks effectively.

Vulnerabilities and Target Selection

The victim's significant growth and expansion, combined with its substantial revenue and employee increase, likely made it an attractive target for Dunghill Leak. Organizations in the manufacturing sector, particularly those involved in aerospace components, often hold valuable intellectual property and sensitive data, increasing their risk of being targeted by sophisticated cybercriminal groups like Dunghill Leak.
