DragonForce Ransomware Group Targets Italian Manufacturer SUSTA S.r.l.

The DragonForce ransomware group has claimed responsibility for a cyberattack on SUSTA S.r.l., an Italian company renowned for its expertise in the design and manufacturing of dies for the automotive industry. This attack highlights the growing threat of ransomware to the manufacturing sector, particularly companies with a strong reputation for innovation and quality.

About SUSTA S.r.l.

Established in 1992 and headquartered in Castellalto, Italy, SUSTA S.r.l. has built a solid reputation as a flexible and responsive partner for leading car manufacturers worldwide. The company specializes in producing medium to large-sized dies essential for manufacturing structural components and outer panels of vehicles. SUSTA's commitment to quality is underscored by its ISO 9001 and ISO 14001 certifications, reflecting its adherence to international quality and environmental management standards. With a workforce of 51 to 200 employees, SUSTA is recognized for its innovative approach, holding 54 patents related to its manufacturing processes and technologies.

Details of the Ransomware Attack

The DragonForce group reportedly accessed 331.87 GB of SUSTA's data, although the exact nature of the leaked information remains undisclosed. The attack underscores the vulnerabilities faced by companies in the manufacturing sector, particularly those with significant intellectual property and proprietary technologies. SUSTA's emphasis on high-precision machinery and mold systems may have made it an attractive target for cybercriminals seeking to exploit valuable industrial data.

Profile of DragonForce Ransomware Group

Emerging in late 2023, DragonForce has quickly gained notoriety for its sophisticated attack methods and connections to existing ransomware families, particularly LockBit. Operating on a Ransomware-as-a-Service (RaaS) model, the group allows affiliates to customize their attacks using modified versions of existing ransomware tools. DragonForce employs a double extortion strategy, exfiltrating sensitive data before encrypting it and threatening to leak the data if the ransom is not paid. This approach increases pressure on victims and distinguishes DragonForce as a formidable threat in the cybercrime landscape.

Potential Vulnerabilities and Attack Vectors

While specific details of how DragonForce penetrated SUSTA's systems are not publicly available, the group's use of advanced tools like SystemBC for persistence and credential harvesting tools such as Mimikatz and Cobalt Strike suggests a sophisticated attack vector. Companies like SUSTA, with extensive networks and valuable intellectual property, must remain vigilant against such threats, ensuring robust cybersecurity measures are in place to protect their assets.

Sources

• SUSTA S.r.l. Company Profile
• The Record - DragonForce Ransomware
• Cyble - DragonForce Ransomware Connection
• SOCRadar - DragonForce Ransomware Profile
• InfoSecurity Magazine - DragonForce Ransomware