Ransomware Attack on HITC Telecom by Stormous Group Exposes 182GB Data

Incident Date: July 9, 2024

Overview

Title: Ransomware Attack on HITC Telecom by Stormous Group Exposes 182GB Data

Victim: HITC Telecom

Attacker: Stormous

Location: Hà Nội, Vietnam

First Reported: July 9, 2024

Ransomware Attack on HITC Telecom by Stormous Group

Overview of HITC Telecom

HITC Telecom, also known as HTC International Telecommunication Joint Stock Company, is a prominent telecommunications provider in Vietnam. The company offers a wide range of services, including mobile, internet, VoIP, and long-distance phone services. With a registered charter capital of approximately $4.3 million, HITC Telecom is headquartered in Hanoi and is recognized as a leading brand in Vietnam and Asia. The company is known for its expertise in wired telecommunications activities and its extensive service portfolio.

Services and Vulnerabilities

HITC Telecom provides critical services such as data center facilities monitoring and site surveys. These services are essential for maintaining and securing telecommunications infrastructure. However, the complexity and sensitivity of these operations make the company a prime target for cyberattacks. The recent ransomware attack highlights the vulnerabilities in their network security, particularly in protecting sensitive data from sophisticated threat actors.

Details of the Ransomware Attack

In a recent cyberattack, the Stormous ransomware group claimed to have stolen approximately 182 GB of sensitive data from HITC Telecom. The group listed HITC Telecom as a victim on their dark web leak site, indicating a significant breach and data exfiltration. Specific details regarding the ransom demands or the company's response have not been disclosed. The attack underscores the growing threat of ransomware to critical infrastructure providers.

Profile of the Stormous Ransomware Group

Stormous is a ransomware group known for its pro-Russian stance and its involvement in high-profile cyberattacks. Active since 2021, the group employs double extortion tactics, threatening to leak sensitive data if ransom demands are not met. Stormous has claimed responsibility for numerous attacks, including breaches of major companies and governmental bodies. The group has recently reactivated its data leak site and formed partnerships with other cybercriminal organizations to expand its operations.

Penetration Tactics

Stormous likely penetrated HITC Telecom's systems through sophisticated phishing attacks, exploiting vulnerabilities in the company's network security. The group's use of double extortion tactics adds pressure on victims to comply with ransom demands, leveraging the potential reputational damage of data leaks. The attack on HITC Telecom highlights the need for robust cybersecurity measures to protect sensitive data and critical infrastructure.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.