The 8Base Cybercrime Group Compromises Speedy in France

Background

The 8Base cybercrime group has reportedly compromised Speedy in France. The group exfiltrated various sensitive documents and personal data from the company.

About Speedy

Speedy is a French company that specializes in retailing tires, batteries, filters, mechanical equipment, and accessories such as windshield wipers, number plates, and spark plugs. They also offer maintenance packages, repair services, and an online shopping website for customers.

8Base Cybercrime Group

The 8Base ransomware gang emerged in March of 2022 and has become one of the most active groups today. They target organizations in business services, manufacturing, and construction sectors. The group is believed to be connected to experienced RaaS operators like Ransomhouse.

Modus Operandi

8Base engages in data exfiltration for double extortion and uses advanced security evasion techniques. They have been known to modify Windows Defender Firewall for bypass. The group primarily uses customized Phobos with SmokeLoader for their attacks and wipes Volume Shadow Copies (VSS) to prevent rollback of encryption.

Targets and Tactics

8Base focuses on Windows targets and tends to target organizations in Business Services, Manufacturing, Financial, and Information Technology sectors. They do not appear to have a RaaS program but instead choose victims opportunistically. The group uses a "name and shame" tactic via their leaks site to compel payment of ransom demands.