Ransomware Attack on Akkanat Holding: 623.9 GB of Data Threatened

Incident Date: August 20, 2024

Overview

Victim: Akkanat Holding

Attacker: Hunters International

Location: İstanbul, Turkey

First Reported: August 20, 2024

Ransomware Attack on Akkanat Holding by Hunters International

Akkanat Holding, a diversified Turkish conglomerate, has recently fallen victim to a ransomware attack orchestrated by the Hunters International group. The attackers claim to have exfiltrated approximately 623.9 GB of sensitive data and have threatened to publish this data within the next 1 to 2 days if their demands are not met. This incident has put significant pressure on Akkanat Holding to respond swiftly to mitigate potential damage.

About Akkanat Holding

Established in 1990, Akkanat Holding is a multifaceted company based in Turkey, primarily known for its significant contributions to the textile industry and tourism sector. The company operates a comprehensive production chain in textile manufacturing, including fabric production and clothing design. Its textile division, Akkanat Konfeksiyon A.Ş., produces approximately 4,000 kg of fabric daily and annually manufactures around 6 million clothing pieces, employing nearly 200 staff members. The company has a strong export orientation, with a substantial portion of its products being shipped internationally.

In addition to its textile operations, Akkanat Holding has diversified its portfolio by investing in the tourism sector. The company owns and operates several luxury hotels, including the Kempinski The Dome and Sirene Hotels, as well as the Antalya Golf Club. These investments reflect Akkanat Holding's commitment to expanding its influence beyond textiles and into hospitality and leisure.

Attack Overview

The ransomware attack on Akkanat Holding was claimed by the Hunters International group via their dark web leak site. The attackers have infiltrated the organization's systems and exfiltrated a significant amount of sensitive data. The threat to publish this data within a short timeframe has created an urgent situation for Akkanat Holding, which must now navigate the complexities of responding to such a cyber threat.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.

Investigations have revealed potential ties to Nigeria through domain registrations and email addresses associated with the group. However, the group has also been known to use fake identities and other deceptive methods to conceal its true origins. Hunters International's emergence shortly after the Hive ransomware disruption has led to speculation that it is a rebranded version or offshoot of Hive, although the group denies any affiliation.

Potential Vulnerabilities

Akkanat Holding's extensive operations in both the textile and tourism sectors make it a lucrative target for ransomware groups. The company's significant data assets, including sensitive business information and customer data, present a valuable target for exfiltration and extortion. The attack highlights the importance of comprehensive cybersecurity measures, particularly for companies with diverse and expansive operations like Akkanat Holding.
