The Dark Web Threat: APT73's Attack on Trifecta Technologies

Incident Date: April 25, 2024

Overview

Victim: Trifecta Technologies, Inc.
Attacker: APT73
Location: Allentown, Pennsylvania, USA
First Reported: April 25, 2024

Ransomware Attack on Trifecta Technologies by APT73

Company Profile: Trifecta Technologies, Inc.

Trifecta Technologies, Inc., a subsidiary of the publicly traded company Perficient Inc., is a custom software development and consulting firm specializing in Salesforce solutions. Founded in 1991 and based in Allentown, Pennsylvania, Trifecta employs 49 individuals in the U.S. and is recognized for its ethical principles, customer satisfaction, and employee development. The company boasts over 250 Salesforce certifications and has been involved in co-creating Salesforce certification exams.

Trifecta's commitment to innovation and customer success has made it a preferred partner for many high-profile clients, contributing to its reputation as a "Top Place to Work" in its community. However, its high-profile client base and extensive access to sensitive Salesforce data may also increase its attractiveness as a target for cyber-attacks.

Details of the Attack

APT73, a newly emerged ransomware group, has claimed responsibility for the attack on Trifecta Technologies. The group announced the breach on their dark web leak site, listing Trifecta as their first major victim. The leaked data reportedly includes WiFi passwords, Salesforce credentials, security tokens, and other sensitive information such as client documents, payroll, and financial data, totaling 3.6 GB.

The attack underscores the vulnerabilities associated with handling extensive customer data and maintaining a high digital profile. The specific vector for the attack has not been disclosed, but APT73 is known for using phishing tactics to compromise organizational systems.

APT73 Profile and Tactics

APT73 appears to operate with a modus operandi similar to that of the more established LockBit ransomware variant, with a focus on targeting organizations through phishing and other deceptive measures. Their operational infrastructure is based in Prague, Czechia, and they utilize a TOR-based data leak site for publicizing their attacks. Despite their recent emergence, the sophistication of their attacks suggests a significant threat level to organizations with valuable data.
