Ransomware Attack on Brightway Consultants Ltd: APT73 Strikes

Incident Date: May 23, 2024


Overview

Title: Ransomware Attack on Brightway Consultants Ltd: APT73 Strikes

Victim: Brightway Consultants Ltd

Attacker: APT73

Location: London, United Kingdom

First Reported: May 23, 2024

Ransomware Attack on Brightway Consultants Ltd by APT73

Company Profile

Brightway Consultants Ltd is a chartered quantity surveying firm based in London. Known for its comprehensive surveying services, the firm specializes in cost planning, budgeting, and project management for construction projects. It describes its approach as agile and forward-thinking and is regulated by the Royal Institution of Chartered Surveyors (RICS). Brightway Consultants Ltd serves a diverse clientele, providing bespoke services tailored to individual project needs and supporting project outcomes through strategic planning and implementation.

Attack Overview

In May 2024, Brightway Consultants Ltd became the latest victim of the ransomware group APT73, also known as Eraleign. The attack resulted in unauthorized access to, and the potential exfiltration of, 0.815 GB of sensitive data, including financial records, geographical sketches, login details for personal accounts, and various images and screen captures. This breach underscores the growing threat that ransomware groups pose to businesses across sectors.

About APT73

APT73 is a relatively new player in the ransomware landscape, having emerged in late 2023. The group exhibits similarities to the notorious LockBit ransomware variant, particularly in its operational tactics and data leak site (DLS) design. APT73 primarily conducts phishing attacks to compromise systems and deploy ransomware. Its DLS, named "ERALEIGNEWS," is hosted on the Tor network, reflecting the group's preference for anonymity and hard-to-trace communication channels. Despite some amateurish traits, such as a lack of active mirrors for its DLS, APT73 has managed to execute several high-profile attacks.

Vulnerabilities and Penetration Methods

The exact method APT73 used to infiltrate Brightway Consultants Ltd's systems remains unclear, but the group most likely used phishing, its usual tactic for gaining initial access. Phishing involves sending fraudulent emails that trick recipients into revealing credentials or running malicious software. Once inside the network, APT73 could deploy its ransomware, encrypting critical data and demanding a ransom for its release.

Implications for Brightway Consultants Ltd

This attack highlights several weaknesses in Brightway Consultants Ltd's cybersecurity posture. The exposure of sensitive financial records and personal login details not only threatens the company's operations but also compromises client trust and could lead to significant financial and reputational damage. The incident is a stark reminder of the importance of robust cybersecurity measures, including employee training on phishing threats, regular security audits, and comprehensive data protection strategies.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.