Ransomware Group APT73 Targets Fintech Firm Globacap: Key Insights

Incident Date:

August 21, 2024


Overview

Title: Ransomware Group APT73 Targets Fintech Firm Globacap: Key Insights

Victim: Globacap

Attacker: APT73

Location: London, United Kingdom

First Reported: August 21, 2024

Ransomware Attack on Globacap by APT73: An In-Depth Analysis

Globacap, a UK-based fintech firm specializing in the digitization and automation of private capital markets, has reportedly been targeted by the ransomware group APT73. The group claims to have breached Globacap's systems, exfiltrating sensitive data, including logins, passwords, and other critical documents. Despite these allegations, Globacap has denied any breach, asserting that its systems and data remain secure.

About Globacap

Founded in November 2017, Globacap has developed a comprehensive platform aimed at streamlining the entire lifecycle of private market transactions. The company focuses on enhancing efficiency and accessibility in private markets, which have traditionally relied on outdated and labor-intensive processes. Globacap's platform integrates various functionalities to support capital raising advisers and investment managers across multiple asset classes, such as equity, debt, and fund vehicles. The firm employs between 51 and 200 people and has reported significant revenue growth, nearly 600% since 2019.

What Makes Globacap Stand Out

Globacap leverages blockchain technology to facilitate the tokenization of equity, allowing for the creation of digital tokens that represent ownership. This process is overseen by the UK's Financial Conduct Authority (FCA), ensuring compliance with regulatory standards. The use of blockchain not only enhances security and transparency but also simplifies transactions by automating the transfer of ownership in accordance with UK company law. The company recently completed a $21 million Series B funding round, attracting investments from notable firms such as Moore Strategic Ventures and Cboe Global Markets.

Attack Overview

APT73, a self-proclaimed Advanced Persistent Threat (APT) ransomware group, has claimed responsibility for the attack on Globacap. The group operates a TOR-based data leak site named "ERALEIGNEWS," where they have listed Globacap as a victim. APT73's modus operandi includes phishing attacks to compromise systems and deploy ransomware. The group has set a ransom deadline of September 2, 2024, for Globacap to comply with their demands.

About APT73

APT73 exhibits similarities to the LockBit ransomware variant, particularly in its data leak site design and operational tactics. The group primarily targets organizations through phishing attacks and maintains a TOR-based data leak site for leaking stolen data. APT73's infrastructure is hosted by M247 Europe SRL, with their website operating from an IP address located in Prague, Czechia. The group has a low-profile presence on social media platforms like Telegram and Twitter, with indications of a potential Finnish connection based on their Twitter followers.

Potential Vulnerabilities

Globacap's reliance on digital platforms and blockchain technology, while enhancing efficiency and security, also makes it a lucrative target for ransomware groups like APT73. The fintech firm's significant growth and market presence further increase its attractiveness to cybercriminals seeking to exploit vulnerabilities in its systems. Despite Globacap's assurances of high security standards, the attack underscores the persistent threat posed by sophisticated ransomware groups.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.