Legrand CRM Pty Ltd Targeted in Data Breach by Hunters International
Incident Date:
June 15, 2024
Overview
Title
Legrand CRM Pty Ltd Targeted in Data Breach by Hunters International
Victim
Legrand CRM Pty Ltd
Attacker
Hunters International
Location
First Reported
June 15, 2024
Ransomware Attack on Legrand CRM Pty Ltd by Hunters International
Overview of Legrand CRM Pty Ltd
Legrand CRM Pty Ltd, based in North Sydney, New South Wales, specializes in providing Customer Relationship Management (CRM) software solutions. Founded in 2002, the company offers both cloud-based and on-premise CRM systems designed to streamline business processes, enhance customer service, and improve overall efficiency. Despite being a small business with only four employees and two external contract developers, Legrand CRM has made a name for itself by offering practical and intuitive CRM solutions tailored to the needs of small and medium-sized enterprises (SMEs).
Details of the Ransomware Attack
Legrand CRM Pty Ltd recently fell victim to a ransomware attack claimed by the group Hunters International. The attack was publicized on the threat group’s dark web leak site, although the site was inaccessible at the time of writing. The CEO of Legrand CRM confirmed a data breach but clarified that it was not a ransomware attack. The breach involved a small amount of data theft, and some of the stolen files were found to belong to other businesses. The company has contacted the Australian Cyber Security Centre (ACSC) and the Victorian government Cyber Incident Response Service (CIRS) for assistance.
About Hunters International
Hunters International is a ransomware group that emerged following the disruption of the Hive ransomware group. Unlike Hive, Hunters International focuses on stealing data rather than encrypting it. They have customized Hive's ransomware to enhance simplicity and efficiency, making it easier for operatives to use. The group targets a diverse range of sectors, including healthcare, automotive, manufacturing, logistics, financial, educational, and food industries. Their operations have been linked to Nigeria through domain registrations and email addresses.
Potential Vulnerabilities
Legrand CRM's small size and limited resources may have made it an attractive target for threat actors like Hunters International. The company's reliance on external contract developers and the integration of its CRM systems with other business applications could have provided potential entry points for the attackers. Additionally, the misrepresentation of Legrand CRM's size and revenue by the threat group suggests either a deliberate attempt to inflate the attack's significance or a case of mistaken identity with the larger electrical distributor Legrand Australia.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.