Ransomware Attack on Fortify Enterprise Inc. by APT73
Incident Date: May 8, 2024
Overview
Title: Ransomware Attack on Fortify Enterprise Inc. by APT73
Victim: Fortify Enterprise Inc.
Attacker: APT73
Location:
First Reported: May 8, 2024
Victim Profile: Fortify Enterprise Inc.
Fortify Enterprise Inc., a software development company established in 2015, is renowned for crafting dependable software solutions customized for businesses. Its emphasis on quality and reliability has earned it a reputation for professionalism in the industry. However, like many digital-centric enterprises, the company is exposed to cyber attacks, given its reliance on online platforms and its handling of sensitive corporate data. This exposure makes it a potential target for threat actors aiming to exploit valuable information.
APT73 attacks Fortify
In this incident, APT73 used ransomware against Fortify Enterprise Inc. and exfiltrated sensitive data, including SSH public keys, full admin login credentials, passports, and potentially more information. The leaked data represents a considerable security threat to the company. APT73 operates its website from an IP address located in Prague, Czechia, and utilizes AS9009, which is associated with various malicious activities and ransomware groups. The group's logo, depicting a venomous snake with spider legs, is adapted with a red color scheme for its data leak site, named "ERALEIGNEWS".
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful in financial and informational terms.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.