“Maze” Ransomware Actors Compromised Large IT and Aerospace Companies

  • The Maze ransomware groups are unstoppable, hitting another two large organizations.
  • Conduent and VT SAA are the latest victims of the Russian hackers, suffering catastrophic data breaches.
  • Maze has been very active and successful since the beginning of the year, managing to break into intranets by exploiting bugs.

Two groups of Russian actors deploying the “Maze” ransomware have just pinned another two medals on the RaaS’s uniform. Just yesterday, it was revealed that they managed to compromise the systems of Conduent, a critical IT services provider that reported $4.5 billion in revenues in 2019. The other case concerns “VT San Antonio Aerospace” (VT SAA), a specialist in aircraft maintenance, repair, and overhaul that has a presence in 100 countries. Both targets are large entities that can’t afford a disruption of operations, so these incidents highlight Maze’s power once more.

In the case of Conduent, the breach occurred on May 29, 2020, and the firm managed to get its systems back into normal operating status within nine hours. While the disruption for Conduent clients was kept at a minimum, the Maze team managed to steal data that they are now using for extortion. According to Cyble, the data that has been leaked includes insurance documents, vehicle lease details, audit discussion results, and other sensitive internal information.

[Image: conduent_leak. Source: Cyble Blog]

The VT SAA breach happened back in April 2020 and was revealed now after data from that incident started to come out too. The Maze team that attacked VT SAA stole 1.5 TB of data, including confidential and precious defense technology and system details. The first samples that were shared on the dark web concern insurance documents, contract calculation worksheets, NASA review rules, and various other unencrypted data.

[Image: nasa leak. Source: Cyble Blog]

As for how the attack happened, VT SAA was breached remotely through a compromised administrator account. The actors then took over the default Domain Admin account and gained control of the intranet servers and file servers. By March 7, 2020, they had stolen everything and began encrypting the files locally. The aerospace engineering firm recovered the files within three days, but the exfiltration damage had already been done.

[Image: vt systems. Source: Cyble Blog]

The Maze ransomware remains one of the nastiest RaaS (ransomware as a service) operations out there, hitting multiple large organizations every week. Only a couple of days ago, we reported the breach of “Westech International” and the theft of confidential information on US intercontinental ballistic missile systems. In May, a group of actors using the Maze ransomware compromised Banco BCR, stealing 11 million credit card records and various other sensitive information. In March, Maze locked down Chubb’s systems, putting the cybersecurity insurance company in freeze mode and introducing a large dose of irony into its business operations. Interestingly, a contract with Chubb has also leaked as part of the VT SAA breach now.
