Ransomware Attack on Associated Building Specialties, Inc. by Hunters International

Associated Building Specialties, Inc. (ABS), a renowned specialties and glazing subcontractor based in Broomfield, Colorado, has recently fallen victim to a ransomware attack orchestrated by the notorious ransomware group, Hunters International. The attack was discovered on September 14, 2024, and has raised significant concerns within the construction industry.

Company Profile

Established in 1985, ABS has built a strong reputation for its commitment to quality craftsmanship and exceptional service. The company specializes in providing a wide range of Division 10 products, including toilet partitions, washroom accessories, lockers, visual display boards, and fire extinguishers. Additionally, ABS has a glazing division that offers comprehensive solutions for both interior and exterior applications, such as storefronts and curtain walls.

ABS is known for its collaborative approach, working closely with contractors, architects, and facility owners to ensure project success. This dedication to client service and a culture of safety, quality, and timely delivery has solidified their reputation in Colorado and beyond.

Attack Overview

The ransomware attack on ABS was claimed by Hunters International via their dark web leak site. The extent of the data leak remains unknown at this time. The attack has disrupted ABS's operations, potentially compromising sensitive client information and project data.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.

Investigations have revealed potential ties to Nigeria through domain registrations and email addresses associated with the group. However, the group is known to use fake identities and tricky methods to conceal their true origins, making it difficult to definitively determine their location and leadership.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, ransomware groups like Hunters International typically exploit vulnerabilities in a company's cybersecurity infrastructure. This can include outdated software, weak passwords, and lack of employee training on phishing attacks. Given ABS's extensive operations and the sensitive nature of their project data, they present an attractive target for ransomware groups seeking to maximize their impact and potential ransom payments.

Sources

• Associated Building Specialties, Inc.
• SOCRadar - Dark Web Profile: Hunters International
• Quorum Cyber - Hunters International Ransomware Report
• Netenrich - Hunters International Group DLS Identity Exposure
• Global Security Mag - Hive Ransomware's Offspring: Hunters International Takes the Stage