I don’t want to pick on Acer, but it’s important to see that exploitation can continue to occur until cyber defenses are improved. This is just one of many examples of organizations being hit repeatedly. Sometimes it happens because the initial vulnerability that led to the first attack wasn’t properly addressed. Sometimes it’s a new vulnerability that went unaddressed because the previous attack vector was the focus of remediation efforts. Whatever the reason, organizations need to take post-remediation seriously or breaches will continue to occur. The original post about the Acer breach from ZDNet can be found HERE. Here is the post from ZDNet.
Acer has confirmed a cyberattack on its offices in India this week after hackers with the Desorden Group claimed to have breached servers and stolen 60GB of files.
The group emailed ZDNet about the hack, claiming to have customer and corporate business data as well as financial information. When asked, the hackers denied it was a ransomware attack and claimed to have access to the company’s servers “over time.”
A spokesperson from Acer confirmed the hack, telling ZDNet that their security team recently detected an “isolated attack” on its local after-sales service system in India.
“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems,” an Acer spokesperson said. “We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.”
After receiving the message from Acer, ZDNet asked the hackers whether they still had access.
“Acer is a global network of vulnerable systems. We no longer have access to their India servers. This is all we can reveal now,” the hackers said in a follow-up message.
This is the second cyberattack Acer has suffered this year after being hit with ransomware in March.
The REvil ransomware group claimed the attack and demanded a $50 million ransom, one of the highest reported at the time. Acer offered to pay the group $10 million, which was rejected by the hackers.
The Record reported that the data stolen recently by the Desorden Group was posted to cybercriminal forum RAID as well as being sent to reporters.
Acer India was hit with a similar cyberattack in 2012 by a Turkish cybercriminal group, according to DataBreaches.net. The attackers defaced the company website and leaked 20,000 user credentials at the time.
DataBreaches.net reported last month that the Desorden Group recently claimed to have hacked into the Malaysian servers of ABX Express Enterprise on September 23.
Like the latest attack, the group sent reporters portions of the stolen files and posted them into the RAID forum. They claimed to have stolen 200GB of information including the data of millions of Malaysians.
In messages to the site, the group said their name stands for “chaos and disorder” and that they had reorganized after originally going by the name “Chaos CC.”
The group said it plans to attack supply chains and cause “disorder and chaos” that affects as many people as possible. The Desorden Group said it plans to hold data ransom and sell it if they are not paid. At the time, they claimed to have been negotiating a ransom with an unnamed Italian automotive supply company.