Written by Tharun Buddigina

Ransomware attack at LG and Mitsubishi

Two electronic giant companies are targeted by two ransomware groups.

LG, a south Korean electronic manufacturer, and Mitsubishi, a Japanese car manufacturing company are now demanded for ransom in exchange for their data. LG has already been warned by Maze group regarding the leak. See the earlier news here!

On 24 June 2020, Maze told BleepingComputer that they had breached LG electronics and stole 40 GB of source code from the manufacturer.

Source: Bleepingcomputer.com and cointelegraph.com

“Also, we would like to announce that in case of not contacting us today we will share information about attack on LG. We downloaded 40 GB of Python source codes from LG. Developments for a biggest companies in US, we will share part of source code on LG later” – Maze ransomware.

When asked how many devices were encrypted, the Maze operators told BleepingComputer that this “information currently is private and will be provided only to Lg negotiators.”

There is no information on how Maze was able to breach LG Electronics’ network but initial access methods used by the actor include connecting via an exposed remote desktop connection and pivoting to valuable hosts via compromised Domain Administrator accounts. But yet there is no official statement from the LG. Here are some proofs for their data and source code. The python code is said to be of a mailing project. Read more!

DoppelPaymer has also attacked the European paper-making division of Mitsubishi. They have listed this data on the darknet as well, with screenshots of their alleged stolen data.

The gang warned:

“WHITE paper? More to come here, LOT of we still have.” 

Mitsubishi also hasn’t provided an official statement about the ransomware attack yet.

Recently, Cointelegraph reported that the NetWalker ransomware gang had attacked Michigan State University, or MSU. At the time, the gang threatened to leak students’ records and financial documents.

Maze’s official dark web blog listed Threadstone Advisors, LLC as one of their victims following an attack early June. Read more at Cointelegraph.

Leave a comment