Ransomware Attack on Lantronix Inc. by Hunters International

Overview of Lantronix Inc.

Lantronix Inc. is a prominent American company headquartered in Irvine, California, specializing in industrial and enterprise Internet of Things (IoT) solutions. The company offers a comprehensive range of products and services, including device management, network switches, telematic gateways, IoT gateways, media converters, serial-to-ethernet device servers, and compute system-on-modules (SOM) and development kits. Lantronix serves various markets such as healthcare, energy, government, and transportation, and has an install base of over 60 million devices globally. The company employs approximately 357 people and reported a revenue of $33.3 million for the fiscal year ending June 30, 2023.

Details of the Ransomware Attack

Lantronix Inc. recently fell victim to a ransomware attack orchestrated by the Hunters International ransomware group. The attack resulted in the exfiltration of 587.6 GB of data, encompassing 906,225 files. The compromised data includes sensitive employee medical and background check records, a penetration test report, encryption DLL practices, patent applications, private accounting information, and data pertaining to the Chief Financial Officer (CFO). This breach highlights significant vulnerabilities within Lantronix's cybersecurity framework.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia. Investigations have revealed potential ties to Nigeria, although the group uses fake identities to conceal their true origins.

Penetration and Impact

The exact method of penetration used by Hunters International to infiltrate Lantronix's systems remains unclear. However, given the group's technical sophistication and the significant overlap with Hive ransomware, it is likely that they employed advanced tactics such as phishing, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack has resulted in significant data breaches, financial losses, and reputational damage to Lantronix, underscoring the critical need for enhanced cybersecurity measures within the organization.

Sources

• Lantronix Inc. Official Website
• GlobalData - Lantronix Inc. Company Profile
• SOCRadar - Dark Web Profile: Hunters International
• Quorum Cyber - Hunters International Ransomware Report
• Global Security Mag - Hive Ransomware's Offspring: Hunters International Takes the Stage