Ransomware Attack on AIUT by Hunters International Exposes Risks
Ransomware Attack on AIUT: A Deep Dive into the Hunters International Breach
AIUT Sp. z o.o., a leading Polish company in automation, robotics, and IoT, has fallen victim to a ransomware attack orchestrated by the notorious Hunters International group. This incident highlights the vulnerabilities faced by technology-driven organizations in the manufacturing sector.
AIUT: A Leader in Industrial Automation
Headquartered in Gliwice, Poland, AIUT is a prominent player in the fields of automation, robotics, and IoT. With nearly 30 years of experience, the company has established itself as one of the largest system integrators in Europe. AIUT's extensive product portfolio includes automated guided vehicles, smart metering devices, and comprehensive IT solutions tailored for various industries. The company employs over 1,000 individuals globally, with a significant portion of its workforce comprising highly qualified engineers. AIUT's commitment to innovation and its investment in Industry 4.0 initiatives have positioned it as a leader in the digital transformation of industries.
Attack Overview
The ransomware group Hunters International claims to have compromised 5.9 terabytes of AIUT's data, encompassing approximately 3,557,591 files. The attackers have issued a demand for a "one day offer" payment of 2000 USD to prevent the release of the data. This attack underscores the critical need for effective cybersecurity measures in organizations operating in the technology sector.
Hunters International: A Sophisticated Threat Actor
Emerging in October 2023, Hunters International is a Ransomware-as-a-Service group that has rapidly gained notoriety by leveraging Hive ransomware's code. The group employs double extortion tactics, combining data encryption with data theft to maximize leverage over its victims. Their malware framework is highly adaptable, allowing affiliates to target both Windows and Linux environments effectively. Hunters International's attacks are characterized by multi-stage operations involving network reconnaissance, lateral movement, and data exfiltration.
Potential Vulnerabilities and Penetration Tactics
AIUT's extensive global operations and reliance on advanced technological solutions may have made it an attractive target for Hunters International. The group likely penetrated AIUT's systems through phishing campaigns, RDP exploitation, or supply chain attacks targeting IT staff. Its malware, such as SharpRhino, facilitates access and deploys ransomware by executing PowerShell commands, which makes such threats challenging for organizations to defend against.