CTS Hit by Cactus Ransomware: 93GB Data Breach Highlights Cybersecurity Flaws

Incident Date: Jun 10, 2024

Attack Overview

VICTIM

Connection Technology Systems Inc. (CTS)

INDUSTRY

Manufacturing

LOCATION

Taiwan

ATTACKER

Cactus

FIRST REPORTED

June 10, 2024

Request Removal

Ransomware Attack on Connection Technology Systems Inc. by Cactus Group

Overview of Connection Technology Systems Inc. (CTS)

Connection Technology Systems Inc. (CTS) is a prominent provider of advanced networking solutions, specializing in fiber optic communication devices, Ethernet switches, media converters, and industrial networking solutions. Founded in Taiwan in 1998, CTS has grown to serve over 350 customers in more than 40 countries, with a 97.8% customer satisfaction rate. The company is publicly traded and has its headquarters in Taipei, Taiwan, with additional offices in Sweden, Austria, Japan, and the U.S.

Details of the Ransomware Attack

On June 11, 2024, CTS fell victim to a ransomware attack orchestrated by the Cactus ransomware group. The attack resulted in a data breach of 93GB, significantly impacting the company's operations. The Cactus group claimed responsibility for the attack via their dark web leak site, highlighting the vulnerabilities in CTS's cybersecurity defenses.

About the Cactus Ransomware Group

The Cactus ransomware group, first identified in March 2023, operates as a ransomware-as-a-service (RaaS). Known for exploiting vulnerabilities such as the ZeroLogon vulnerability (CVE-2020-1472), the group employs sophisticated techniques to disable security tools and distribute ransomware. Their unique encryption methods, including the use of custom scripts and batch files, make them a formidable threat in the cybersecurity landscape.

Penetration and Impact

Cactus ransomware affiliates likely penetrated CTS's systems by exploiting known vulnerabilities and leveraging malvertising lures. Once inside, they used custom scripts to disable security tools and deployed the ransomware, encrypting files with the extension “.cts1”. The attack underscores the importance of robust cybersecurity measures, especially for companies like CTS that operate in critical sectors such as manufacturing and telecommunications.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.