Hi-P International Targeted by Fog Ransomware Group

Hi-P International, a leading global manufacturer in the telecommunications, lifestyle, computing, and automotive sectors, has recently fallen victim to a ransomware attack orchestrated by the notorious Fog ransomware group. This incident highlights the growing threat posed by sophisticated cybercriminals and underscores the critical need for effective cybersecurity measures.

About Hi-P International

Established in 1980 in Singapore, Hi-P International, also known as Hi-P Group, initially focused on insert molding and metal forming. Under the leadership of Executive Chairman Yao Hsiao Tung, who acquired the company in 1983, Hi-P expanded significantly, particularly after its IPO on the Singapore Stock Exchange in 2003. The company is recognized for its commitment to quality and innovation, providing integrated electro-mechanical solutions that enhance customer value.

Hi-P International boasts a substantial global footprint with over 15,000 employees across various manufacturing plants located in China, Thailand, and Singapore, as well as sales and engineering offices in the United States, Asia, and Europe. The company reported revenues exceeding USD 1 billion in recent years, reflecting its strong market position and operational capabilities.

Attack Overview

The Fog ransomware group has claimed responsibility for the attack on Hi-P International via their dark web leak site. The specifics of the attack, including the extent of the data compromised and the ransom demands, have yet to be disclosed. However, the infiltration of Hi-P's systems by the Fog ransomware group is a significant concern, given the company's extensive global operations and critical role in various high-tech industries.

About Fog Ransomware Group

Fog ransomware is a malicious software variant that emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending the extensions ".FOG" or ".FLOCKED" to the affected filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," informing victims that their files have been encrypted and urging them to contact the attackers for file recovery.

Fog ransomware has been particularly disruptive, with a significant focus on the education sector, where 80% of its victims are located, and 20% in the recreation industry. Attackers typically gain access to systems by exploiting compromised VPN credentials from two different vendors, allowing for remote infiltration. Once inside, Fog ransomware can disable Windows Defender, encrypt Virtual Machine Disk (VMDK) files, delete backups from Veeam, and remove volume shadow copies, making recovery extremely difficult.

Potential Vulnerabilities

Hi-P International's extensive global operations and reliance on integrated electro-mechanical solutions may have made it an attractive target for the Fog ransomware group. The company's large workforce and multiple manufacturing plants and offices worldwide could present numerous entry points for cybercriminals. Additionally, the use of VPNs and other remote access technologies, if not adequately secured, could have provided the attackers with a pathway into Hi-P's systems.

Sources

• Hi-P International
• PCRisk - Fog Ransomware
• BeforeCrypt - Fog Ransomware
• Dark Reading - Fog Ransomware