KMC Controls Hit by Ransomware Attack from Hunters International
KMC Controls, a leading American manufacturer specializing in building automation systems and IoT solutions, has fallen victim to a ransomware attack orchestrated by the notorious group Hunters International. This incident underscores the vulnerabilities faced by companies in the manufacturing sector, particularly those involved in critical infrastructure and technology.
About KMC Controls
Founded in 1969 and headquartered in New Paris, Indiana, KMC Controls has established itself as a key player in the building automation industry. The company is renowned for its innovative solutions that integrate existing systems with new technologies, offering products such as advanced controllers, thermostats, and the KMC Commander IoT platform. KMC's commitment to sustainability and energy efficiency, along with its ISO 9001:2015 certification, highlights its dedication to quality and environmental standards. Employing between 51 and 200 individuals, KMC Controls is recognized for its significant market presence and strategic partnerships.
Attack Overview
Hunters International claims to have infiltrated KMC Controls' network, exfiltrating 487.9 GB of sensitive data. This breach highlights the persistent threat posed by ransomware groups to companies involved in critical infrastructure. The attack on KMC Controls demonstrates the ongoing vulnerabilities within the sector, as cyber adversaries exploit weaknesses in cybersecurity defenses to extract valuable data and potentially disrupt operations.
About Hunters International
Emerging in October 2023, Hunters International is a Ransomware-as-a-Service (RaaS) group that has rapidly gained notoriety by leveraging code from the defunct Hive ransomware operation. The group employs double extortion tactics, combining data encryption with data theft to maximize leverage over its victims. Hunters International is known for its sophisticated techniques, including the use of Rust for cross-platform targeting and the deployment of custom malware like SharpRhino.
Potential Vulnerabilities
The attack on KMC Controls may have been facilitated by common infection vectors used by Hunters International, such as phishing campaigns, RDP exploitation, and social engineering. The group's ability to bypass advanced security measures, as demonstrated in previous attacks, suggests that KMC Controls' defenses may have been insufficient to thwart such a sophisticated adversary. This incident serves as a stark reminder of the importance of comprehensive cybersecurity measures in protecting critical infrastructure and sensitive data.