LockBit3 Ransomware Attack on Allied Telesis: A Threat to Global Telecommunications

Incident Date:

May 29, 2024

Overview

Victim

Allied Telesis, Inc.

Attacker

LockBit3

Location

San Jose, USA

California, USA

First Reported

May 29, 2024

Ransomware Attack on Allied Telesis by LockBit3

Company Profile

Allied Telesis is a global provider of secure Ethernet/IP access solutions and a leader in the deployment of IP Triple Play networks over copper and fiber access infrastructure. The company designs and manufactures a full range of Layer 2-7 Ethernet switches, routers, and network management software, as well as a comprehensive line of IP Triple Play solutions. Known for its innovative networking solutions, high-quality service and support, and extensive worldwide customer presence, Allied Telesis has built a strong reputation in the industry. As of December 31, 2023, Allied Telesis employs 1,850 consolidated employees.

Company Standout

Committed to providing high-quality, reliable products that are easy to deploy and manage, Allied Telesis emphasizes partnerships and strategic alliances. This focus has led to successful collaborations with various companies in the industry, further solidifying its position as a leader in networking solutions.

Victim Vulnerabilities

As a prominent player in the telecommunications sector, Allied Telesis handles sensitive data, making it a target for threat actors like the LockBit3 ransomware group. The company's global presence and the critical infrastructure organizations it serves increase its attractiveness to cybercriminals looking to extort money through ransomware attacks.

Attack Overview

The LockBit3 ransomware group targeted alliedtelesis.com and claimed to have leaked data, including project details dating back to 2005, passport information, and product specifications. The breach, which occurred on May 27, 2024, involved the exfiltration of confidential data. LockBit3 threatened to fully release the data by June 3, 2024, if their demands were not met.

Ransomware Group Profile

The LockBit3 ransomware group, an evolution of the LockBit group, is known for its advanced and dangerous ransomware threats. Also known as LockBit Black, this Ransomware-as-a-Service (RaaS) group actively recruits affiliates and targets a wide range of businesses and critical infrastructure organizations globally.

How LockBit3 Penetrated

LockBit3 distinguishes itself by encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. Its features include lateral movement through a network via group policy updates and the ability to delete traces of itself to cover its tracks, which make it more modular and evasive than previous ransomware variants.
