Fujitsu: Data for sale on the dark web is debated

Data from Japanese tech giant Fujitsu is on sale on the dark web. It is being sold by a group called Marketo, but its provenance is debated.

On August 26, Marketo wrote on its leak site that it has 4 GB of data stolen from Fujitsu, which it has put up for sale. The group provides sample data, claiming to have confidential customer data, but also company information, budget data, reports and other company documents, including information about its customers’ projects.

Initially, the group’s leak site listed 280 offers for this data, but there are only 70 left today.

Fujitsu minimizes the incident


A screenshot of the site of the leak. Image: Etay Maor

On the Fujitsu side, the incident is minimized. “We are aware that information has been uploaded to the Marketo dark web auction site, which claims to have obtained it from our site. Details of the source of this information, especially if it comes from our systems or our environment, are unknown,” said a spokesperson for the company.

He adds that there is no indication that this event is related to the theft of data from Japanese government entities via Fujitsu’s ProjectWEB platform that occurred in May: “As this is information that appears to be related to customers, we will refrain from commenting on the details. I assume you remember the last ProjectWEB event in May, but there is no indication that this includes any information leaked from ProjectWEB, and we believe this matter is unrelated.”

Several cybersecurity experts, including Cato Networks senior director of security strategy Etay Maor, also question the number of offers on this data. The latter notes that the Marketo group controls the website, and that it can easily change the number of offers in order to put pressure on potential buyers.

A reputable source?

But Ivan Righi, cyber threat analyst at Digital Shadows, points out that Marketo is known to be a reputable source. While the legitimacy of the stolen data cannot be confirmed, he says, the group’s previous data leaks have been proven to be genuine.

“Therefore, the data exposed on their website is likely to be legitimate. At the time of writing, Marketo had only exposed a 24.5MB ‘evidence package’, which contained data relating to another Japanese company called Toray Industries. The group also provided three screenshots of spreadsheets allegedly stolen during the attack,” said the analyst.

He adds that while Marketo is not a ransomware group, it works similarly: “The group infiltrates companies, steals their data, then threatens to expose that data if a ransom is not paid. If a company does not respond to the attacker’s ransom note, it is ultimately displayed on Marketo’s data breach site.

“Once a business is posted on the Marketo site, it usually receives an evidence packet containing data stolen during the attack. The group will then continue to threaten companies and expose data periodically, if the ransom is not paid. Although the group has an auction section on its website, not all victims are available in this section, and Fujitsu has not been publicly auctioned at the time of writing. It is not known where the supposed 70 bids came from, but it is possible that they came from closed auctions.”

Unstated proximity to ransomware groups

Digital Shadows wrote a report on the Marketo group in July, noting that it was formed in April 2021 and often markets its stolen data through a Twitter profile by the name of @Mannus Gott. This Twitter account has also taunted Fujitsu in recent days, writing on Sunday: “oh, the sweet, sweet irony. One of the largest IT service providers could not find adequate protection.”

Marketo has repeatedly claimed that it is not a ransomware group, but rather an “information marketplace”. The group contacted several media outlets last May to praise their work.

“The marketplace itself operates similarly to other data breach sites, with a few unique features. Interestingly, the group includes an ‘Attacking’ section in which organizations that are being attacked are named. The marketplace allows user registration and offers a contact section for victim and press inquiries,” writes the Digital Shadows research team.

“Victims are given a link to a separate chat to conduct negotiations. In individual posts, Marketo provides a summary of the organization, screenshots of apparently compromised data, and a link to an ‘evidence pack’, in other words, evidence. They auction sensitive data in the form of a silent auction, through a blind auction system where users bid based on what they think the data is worth.”

Dozens of companies on its leak site


Image: Digital Shadows.

In the past, the group has gone so far as to send samples of stolen data to competitors, customers and business partners to shame victims and make them pay to recover their data.

The group has listed dozens of companies on its leak site, including Puma recently, and it typically discloses one per week, mostly selling data from organizations in the United States and Europe. At least seven industrial goods and services companies were affected, as well as organizations in the health and technology sectors.

“You must not believe Marketo”

Brett Callow, ransomware expert and threat analyst at Emsisoft, says it’s unclear how Marketo gets the data it offers, while adding that there are indications that this data is often linked to ransomware attacks.

“Despite its attempt to stay away from ransomware groups, it appears that at least some of its data was obtained as part of ransomware attacks. It is not clear whether they know these lots were picked up from other sites or whether they were duped. They might be trying to scam buyers or they might have been scammed themselves. It’s impossible to say,” said Brett Callow.

“The main thing is, don’t believe Marketo’s claims. In fact, the default assumption should be that each of their pieces of information is wrong: the amount of data obtained, the source of that data and its nature. After all, they are criminals, and they are not known for their honesty.”

He clarifies that some of the victims listed on Marketo’s leak site have been hit by ransomware attacks recently, including X-Fab, which was hit by the Maze ransomware group in July 2020, as well as Luxottica, which was affected by Nefilim ransomware in September.
