Ransomware Attack on Lantronix Inc. by Hunters International Exposes 587.6 GB of Data

Incident Date: July 16, 2024


Overview


Victim: Lantronix Inc.

Attacker: Hunters International

Location: Irvine, USA; California, USA

First Reported: July 16, 2024

Ransomware Attack on Lantronix Inc. by Hunters International

Overview of Lantronix Inc.

Lantronix Inc. is a prominent American company headquartered in Irvine, California, specializing in industrial and enterprise Internet of Things (IoT) solutions. The company offers a comprehensive range of products and services, including device management, network switches, telematic gateways, IoT gateways, media converters, serial-to-ethernet device servers, and compute system-on-modules (SOM) and development kits. Lantronix serves various markets such as healthcare, energy, government, and transportation, and has an install base of over 60 million devices globally. The company employs approximately 357 people and reported a revenue of $33.3 million for the fiscal year ending June 30, 2023.

Details of the Ransomware Attack

Lantronix Inc. recently fell victim to a ransomware attack orchestrated by the Hunters International ransomware group. The attack resulted in the exfiltration of 587.6 GB of data, encompassing 906,225 files. The compromised data includes sensitive employee medical and background check records, a penetration test report, encryption DLL practices, patent applications, private accounting information, and data pertaining to the Chief Financial Officer (CFO). This breach highlights significant vulnerabilities within Lantronix's cybersecurity framework.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia. Investigations have revealed potential ties to Nigeria, although the group uses fake identities to conceal their true origins.

Penetration and Impact

The exact method of penetration used by Hunters International to infiltrate Lantronix's systems remains unclear. However, given the group's technical sophistication and the significant overlap with Hive ransomware, it is likely that they employed advanced tactics such as phishing, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack has resulted in significant data breaches, financial losses, and reputational damage to Lantronix, underscoring the critical need for enhanced cybersecurity measures within the organization.
