Ransomware Attack on Formosa Plastics Corporation USA
Incident Date:
May 17, 2024
Overview
Title
Ransomware Attack on Formosa Plastics Corporation USA
Victim
Formosa Plastics Corporation USA
Attacker
Hunters International
Location
First Reported
May 17, 2024
Ransomware Attack on Formosa Plastics Corporation USA
Victim Overview
Formosa Plastics Corporation USA is a leading distributor of specialty food products in the Retail sector. They provide high-quality products such as seafood, meat, poultry, and dairy to foodservice and retail customers across the United States. The company, founded in 1978, is a growing, vertically-integrated supplier of plastic resins and petrochemicals.
Company Profile
The company produces chlor-alkali, petrochemicals, plastic resins, polyethylene, polyolefins, polypropylene, specialty PVC, vinyl, and more. They are committed to providing innovative, full-service solutions for various applications, showcasing their significant presence in the plastic materials manufacturing industry.
Attack Overview
The ransomware attack on Formosa Plastics Corporation USA was carried out by the cybercriminal group known as Hunters International. The attackers successfully exfiltrated 1.2 TB of data, including confidential information, personally identifiable information (PII), financial data, customer data, and technical data. A sample of the exfiltrated data was leaked as part of the aftermath of the attack.
Ransomware Group Profile
Hunters International is a ransomware group that focuses on stealing data rather than encrypting it. They have customized their ransomware to enhance simplicity and efficiency, making it less verbose and easier to use for operatives. The group targets victims across various sectors worldwide, including healthcare, automotive, manufacturing, logistics, financial, educational, and food sectors.
Vulnerabilities
Formosa Plastics Corporation USA's vulnerabilities in being targeted by threat actors may include inadequate cybersecurity measures, lack of employee training on cybersecurity best practices, and potential weaknesses in their network infrastructure. The attackers could have penetrated the company's systems through phishing emails, unpatched software vulnerabilities, or weak password practices.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.