Ransomware Attack on AIUT by Hunters International Exposes Risks

Incident Date: October 8, 2024


Overview


Victim

AIUT

Attacker

Location

Gliwice, Poland

First Reported

October 8, 2024

Ransomware Attack on AIUT: A Deep Dive into the Hunters International Breach

AIUT Sp. z o.o., a leading Polish company in automation, robotics, and IoT, has fallen victim to a ransomware attack orchestrated by the notorious Hunters International group. This incident highlights the vulnerabilities faced by technology-driven organizations in the manufacturing sector.

AIUT: A Leader in Industrial Automation

Headquartered in Gliwice, Poland, AIUT is a prominent player in the fields of automation, robotics, and IoT. With nearly 30 years of experience, the company has established itself as one of the largest system integrators in Europe. AIUT's extensive product portfolio includes automated guided vehicles, smart metering devices, and comprehensive IT solutions tailored for various industries. The company employs over 1,000 individuals globally, with a significant portion of its workforce comprising highly qualified engineers. AIUT's commitment to innovation and its investment in Industry 4.0 initiatives have positioned it as a leader in the digital transformation of industries.

Attack Overview

The ransomware group Hunters International claims to have compromised 5.9 terabytes of AIUT's data, encompassing approximately 3,557,591 files. The attackers have issued a demand for a "one day offer" payment of 2000 USD to prevent the release of the data. This attack underscores the critical need for effective cybersecurity measures in organizations operating in the technology sector.

Hunters International: A Sophisticated Threat Actor

Emerging in October 2023, Hunters International is a Ransomware-as-a-Service group that has rapidly gained notoriety by leveraging Hive ransomware's code. The group employs double extortion tactics, combining data encryption with data theft to maximize leverage over its victims. Their malware framework is highly adaptable, allowing affiliates to target both Windows and Linux environments effectively. Hunters International's attacks are characterized by multi-stage operations involving network reconnaissance, lateral movement, and data exfiltration.

Potential Vulnerabilities and Penetration Tactics

AIUT's extensive global operations and reliance on advanced technological solutions may have made it an attractive target for Hunters International. The group likely penetrated AIUT's systems through phishing campaigns, RDP exploitation, or supply chain attacks targeting IT staff. Their use of sophisticated malware such as SharpRhino, which facilitates access and deploys ransomware by executing PowerShell commands, makes it challenging for organizations to defend against such threats.
