Legrand CRM Pty Ltd Targeted in Data Breach by Hunters International

Incident Date: June 15, 2024


Overview

Title: Legrand CRM Pty Ltd Targeted in Data Breach by Hunters International
Victim: Legrand CRM Pty Ltd
Attacker: Hunters International
Location: Irvine, USA; California, USA
First Reported: June 15, 2024

Ransomware Attack on Legrand CRM Pty Ltd by Hunters International

Overview of Legrand CRM Pty Ltd

Legrand CRM Pty Ltd, based in North Sydney, New South Wales, specializes in providing Customer Relationship Management (CRM) software solutions. Founded in 2002, the company offers both cloud-based and on-premise CRM systems designed to streamline business processes, enhance customer service, and improve overall efficiency. Despite being a small business with only four employees and two external contract developers, Legrand CRM has made a name for itself by offering practical and intuitive CRM solutions tailored to the needs of small and medium-sized enterprises (SMEs).

Details of the Ransomware Attack

Legrand CRM Pty Ltd recently fell victim to a ransomware attack claimed by the group Hunters International. The attack was publicized on the threat group’s dark web leak site, although the site was inaccessible at the time of writing. The CEO of Legrand CRM confirmed a data breach but clarified that it was not a ransomware attack. The breach involved a small amount of data theft, and some of the stolen files were found to belong to other businesses. The company has contacted the Australian Cyber Security Centre (ACSC) and the Victorian government Cyber Incident Response Service (CIRS) for assistance.

About Hunters International

Hunters International is a ransomware group that emerged following the disruption of the Hive ransomware group. Unlike Hive, Hunters International focuses on stealing data rather than encrypting it. They have customized Hive's ransomware to enhance simplicity and efficiency, making it easier for operatives to use. The group targets a diverse range of sectors, including healthcare, automotive, manufacturing, logistics, financial, educational, and food industries. Their operations have been linked to Nigeria through domain registrations and email addresses.

Potential Vulnerabilities

Legrand CRM's small size and limited resources may have made it an attractive target for threat actors like Hunters International. The company's reliance on external contract developers and the integration of its CRM systems with other business applications could have provided potential entry points for the attackers. Additionally, the misrepresentation of Legrand CRM's size and revenue by the threat group suggests either a deliberate attempt to inflate the attack's significance or a case of mistaken identity with the larger electrical distributor Legrand Australia.
