Ransomware Attack on Lantronix Inc. by Hunters International Exposes 587.6 GB of Data
Incident Date: July 16, 2024
Overview
Victim: Lantronix Inc.
Attacker: Hunters International
Location:
First Reported: July 16, 2024
Ransomware Attack on Lantronix Inc. by Hunters International
Overview of Lantronix Inc.
Lantronix Inc. is a prominent American company headquartered in Irvine, California, specializing in industrial and enterprise Internet of Things (IoT) solutions. The company offers a comprehensive range of products and services, including device management, network switches, telematic gateways, IoT gateways, media converters, serial-to-Ethernet device servers, and compute system-on-modules (SOM) and development kits. Lantronix serves various markets such as healthcare, energy, government, and transportation, and has an install base of over 60 million devices globally. The company employs approximately 357 people and reported revenue of $33.3 million for the fiscal year ending June 30, 2023.
Details of the Ransomware Attack
Lantronix Inc. recently fell victim to a ransomware attack orchestrated by the Hunters International ransomware group. The attack resulted in the exfiltration of 587.6 GB of data, encompassing 906,225 files. The compromised data includes sensitive employee medical and background check records, a penetration test report, encryption DLL practices, patent applications, private accounting information, and data pertaining to the Chief Financial Officer (CFO). This breach highlights significant vulnerabilities within Lantronix's cybersecurity framework.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia. Investigations have revealed potential ties to Nigeria, although the group uses fake identities to conceal their true origins.
Penetration and Impact
The exact method of penetration used by Hunters International to infiltrate Lantronix's systems remains unclear. However, given the group's technical sophistication and the significant overlap with Hive ransomware, it is likely that they employed advanced tactics such as phishing, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack has resulted in significant data breaches, financial losses, and reputational damage to Lantronix, underscoring the critical need for enhanced cybersecurity measures within the organization.