Ransomware Attack on Air International Thermal Systems by Play Group

Incident Date: Aug 13, 2024

Attack Overview
VICTIM
Air International Thermal Systems
INDUSTRY
Manufacturing
LOCATION
Mexico
ATTACKER
Play
FIRST REPORTED
August 13, 2024

Air International Thermal Systems (AITS), a global leader in automotive thermal management solutions, has recently fallen victim to a ransomware attack orchestrated by the notorious Play ransomware group. This breach has compromised a significant amount of sensitive information, including private and personal confidential data, client documentation, contracts, identification details, and financial information.

About Air International Thermal Systems

Established in 1967, AITS specializes in designing, developing, and supplying high-quality heating, ventilation, and air conditioning (HVAC) systems, powertrain cooling solutions, and thermal management systems for electric and hybrid vehicles. The company operates across four continents, serving a diverse array of automotive original equipment manufacturers (OEMs). AITS is known for its innovative and sustainable engineering solutions, which have earned it numerous industry accolades.

Company Size and Operations

AITS employs a significant workforce, although specific employee numbers are not disclosed. The company has manufacturing facilities and technical centers in the United States, China, Mexico, and several European nations. AITS's extensive reach and expertise in the automotive sector make it a preferred supplier for many OEMs.

Vulnerabilities and Attack Overview

The Play ransomware group, also known as PlayCrypt, has been active since June 2022 and has targeted a range of industries, including IT, transportation, and critical infrastructure. The group is known for exploiting exposed RDP servers, vulnerable FortiOS appliances, and unpatched Microsoft Exchange servers, among other entry points. The initial access vector used against AITS has not been disclosed; if Play followed its documented playbook, the intrusion would have involved exploiting one of these weaknesses for initial access, followed by Mimikatz for credential dumping and lateral movement, and custom tools for staging and exfiltrating data ahead of encryption.

About Play Ransomware Group

Play ransomware distinguishes itself by not including an initial ransom demand or payment instructions in its ransom notes. Instead, victims are directed to contact the threat actors via email. The group uses a variety of methods to maintain persistence and evade detection, including disabling antimalware solutions and using custom network scanners. Play ransomware has impacted over 300 entities globally, causing significant disruption across multiple sectors.
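The two paragraphs above name three pieces of tradecraft a defender can actually watch for: credential dumping from LSASS (Mimikatz), tampering with the antimalware engine, and internal network scanning. The following detection logic is an added example written for this page, not code from Halcyon, Play, or any named vendor. It consumes a list of Sysmon-style event dictionaries; the field names (EventID, Image, TargetImage, GrantedAccess, TargetObject, Details, SourceIp, DestinationIp, DestinationPort) follow Sysmon's schema, but every record in `sample_events()` is constructed for the example, and the allowlist and threshold values are assumptions to be tuned per environment.

```python
"""Detection logic for three Play-style tradecraft signals: LSASS credential
dumping, Defender tampering, and internal scan fan-out.
Added example; event records below are constructed, not real telemetry."""
from collections import defaultdict

# Sysmon event IDs: 3 = network connection, 10 = process access, 13 = registry value set.
EVT_NETWORK, EVT_PROCESS_ACCESS, EVT_REGISTRY_SET = 3, 10, 13
PROCESS_VM_READ = 0x0010          # access right required to read LSASS memory

# Images that legitimately open LSASS on a typical host (assumed allowlist; tune per environment).
LSASS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Registry values that, when set to 1, switch Defender off before the locker runs.
AV_TAMPER_VALUES = {
    r"hklm\software\policies\microsoft\windows defender\disableantispyware",
    r"hklm\software\policies\microsoft\windows defender\real-time protection\disablerealtimemonitoring",
}

SCAN_FANOUT_THRESHOLD = 20        # distinct (dest host, port) pairs from one source (assumed)


def _has_vm_read(granted_access):
    """GrantedAccess is logged as a hex string such as '0x1010'."""
    try:
        return int(str(granted_access), 16) & PROCESS_VM_READ != 0
    except ValueError:
        return False


def detect_lsass_access(events):
    """Flag non-allowlisted processes that open lsass.exe with VM_READ rights."""
    alerts = []
    for e in events:
        if e.get("EventID") != EVT_PROCESS_ACCESS:
            continue
        target = str(e.get("TargetImage", "")).lower()
        image = str(e.get("Image", "")).lower()
        if (target.endswith(r"\lsass.exe") and image not in LSASS_ALLOWLIST
                and _has_vm_read(e.get("GrantedAccess", "0x0"))):
            alerts.append({"rule": "lsass_access", "image": e.get("Image"),
                           "granted_access": e.get("GrantedAccess")})
    return alerts


def detect_av_tamper(events):
    """Flag registry writes that disable Defender (Sysmon 13 with the value set to 1)."""
    alerts = []
    for e in events:
        if e.get("EventID") != EVT_REGISTRY_SET:
            continue
        key = str(e.get("TargetObject", "")).lower()
        if key in AV_TAMPER_VALUES and "0x00000001" in str(e.get("Details", "")):
            alerts.append({"rule": "av_tamper", "image": e.get("Image"),
                           "key": e.get("TargetObject")})
    return alerts


def detect_scan_fanout(events, threshold=SCAN_FANOUT_THRESHOLD):
    """Flag a source that reaches many distinct host:port pairs (scanner behaviour)."""
    fanout = defaultdict(set)
    for e in events:
        if e.get("EventID") == EVT_NETWORK:
            fanout[e.get("SourceIp")].add((e.get("DestinationIp"), e.get("DestinationPort")))
    return [{"rule": "scan_fanout", "source": src, "targets": len(pairs)}
            for src, pairs in fanout.items() if len(pairs) >= threshold]


def run_detections(events):
    return {"lsass_access": detect_lsass_access(events),
            "av_tamper": detect_av_tamper(events),
            "scan_fanout": detect_scan_fanout(events)}


def sample_events():
    """Constructed telemetry: a benign and a hostile LSASS open, one Defender
    kill-switch write, a 25-host SMB sweep from one workstation, normal traffic from another."""
    events = [
        {"EventID": 10, "Image": r"C:\Windows\System32\svchost.exe",
         "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
        {"EventID": 10, "Image": r"C:\Users\Public\mimi.exe",
         "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
        {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
         "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
         "Details": "DWORD (0x00000001)"},
    ]
    for i in range(1, 26):
        events.append({"EventID": 3, "SourceIp": "10.0.5.17",
                       "DestinationIp": f"10.0.5.{100 + i}", "DestinationPort": 445})
    for _ in range(3):
        events.append({"EventID": 3, "SourceIp": "10.0.5.40",
                       "DestinationIp": "10.0.5.2", "DestinationPort": 443})
    return events


if __name__ == "__main__":
    for rule, hits in run_detections(sample_events()).items():
        print(rule, hits)
```

The LSASS rule keys on the access mask rather than the process name alone, because a renamed Mimikatz binary still needs PROCESS_VM_READ; the scan rule counts distinct host:port pairs rather than raw connection volume, so a chatty but legitimate client talking to one server does not trip it.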

Impact and Implications

The attack on AITS is particularly concerning given the critical nature of their work in automotive thermal management. The breach not only compromises sensitive data but also poses a risk to the company's reputation and operational integrity. As AITS continues to address the fallout from this attack, the incident serves as a stark reminder of the growing threat posed by sophisticated ransomware groups like Play.
