24. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 24 – Full AMMEGA Data Breach Published

Using our CTI platform SATAYO, we identified an artifact from AMMEGA’s data breach.

AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Cactus ransomware gang in early March.

The ransomware operators exfiltrated 3 TB of data and initially demanded a ransom of $9 million for all the contents or $90,000 for the file tree. The data contains sensitive business information, including customer and supplier data such as drawings, blueprints, invoices, contracts and orders, as well as personal employee information such as paychecks, ID cards, dossiers and more.

On April 23, 2024, the data breach was made public on Cactus’ .onion website, accessible via the Tor network. Our Threat Intelligence Platform SATAYO alerted us to it because data belonging to our customers was detected inside. Our analysts are now analyzing the leaked documents to quickly inform our stakeholders and prevent misuse of the documents by third parties.

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix
