LockBit3 Ransomware Attack on Allied Telesis: A Threat to Global Telecommunications
Ransomware Attack on Allied Telesis by LockBit3
Company Profile
Allied Telesis is a global provider of secure Ethernet/IP access solutions and a leader in the deployment of IP Triple Play networks over copper and fiber access infrastructure. The company designs and manufactures a full range of Layer 2-7 Ethernet switches, routers, and network management software, as well as a comprehensive line of IP Triple Play solutions. Known for its innovative networking solutions, high-quality service and support, and extensive worldwide customer presence, Allied Telesis has built a strong reputation in the industry. As of December 31, 2023, Allied Telesis employs 1,850 consolidated employees.
Company Standout
Committed to providing high-quality, reliable products that are easy to deploy and manage, Allied Telesis emphasizes partnerships and strategic alliances. This focus has led to successful collaborations with various companies in the industry, further solidifying its position as a leader in networking solutions.
Victim Vulnerabilities
As a prominent player in the telecommunications sector, Allied Telesis handles sensitive data, making it a target for threat actors like the LockBit3 ransomware group. The company's global presence and the critical infrastructure organizations it serves increase its attractiveness to cybercriminals looking to extort money through ransomware attacks.
Attack Overview
The LockBit3 ransomware group targeted alliedtelesis.com and claimed to have leaked data, including project details dating back to 2005, passport information, and product specifications. The breach, which occurred on May 27, 2024, involved the exfiltration of confidential data. LockBit3 threatened to fully release the data by June 3, 2024, if their demands were not met.
Ransomware Group Profile
The LockBit3 ransomware group, an evolution of the LockBit group, is known for its advanced and dangerous ransomware threats. Also known as LockBit Black, this Ransomware-as-a-Service (RaaS) group actively recruits affiliates and targets a wide range of businesses and critical infrastructure organizations globally.
How LockBit3 Penetrated
LockBit3 distinguishes itself by encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. LockBit3 features include lateral movement through a network via group policy updates and the ability to delete traces of itself to cover its tracks, making it more modular and evasive than previous ransomware variants.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!