LockBit Hackers Exploit Accenture to Compromises an Airliner!

Cyberattacks on an organization can have severe ripple effects that have the potential to reach far beyond. The damage can quickly spread to other businesses, such as partners, vendors, and customers.

The same is the case with the recent Accenture ransomware attack.

The LockBit hackers, who breached Accenture, have exploited the ill-gotten credentials of Accenture to go after the MNC’s customers.

The ransomware gang has compromised an airliner that was using Accenture software. The malicious actors claim that they have encrypted the systems of the airliner through the credentials accessed during the Accenture cyberattack.

However, LockBit has declined to name the airliner. Going by the rule book, Accenture has once again adopted a nebulous stance by refuting LockBit’s claims.

“We have completed a thorough forensic review of documents on the attacked Accenture systems. This claim is false,” said Accenture.

“As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers.”

After the Accenture ransomware attack, LockBit reported that they had infiltrated sufficient data to breach some clients in Dublin, Ireland.

Hot on heels of the Accenture attack, the malicious gang zeroed in on Bangkok Airways and Ethiopian Airlines. They encrypted the systems of the Thai company and leaked more than 200 GB of personal data belonging to the passengers.

According to Bangkok Airways, the exposed data included full names, gender, nationality, phone numbers, emails, physical addresses, passport info, travel history, and partial credit card details.

In the case of Ethiopian Airlines, the LockBit gang hasn’t published any stolen data despite their recent claim that they have leaked the data.

LockBit Airlines Accenture Attack

However, it’s unclear whether Bangkok and Ethiopian airliners are customers of Accenture, and neither of the airlines hasn’t commented on the claims yet.

“The LockBit operators haven’t actually published any data from Ethiopian Airlines or Accenture despite their website indicating that they’ve done exactly that,” said Emsisoft Threat Analyst Brett Callow.

“What’s going on isn’t clear. It could be the case that minimal or no data at all was exfiltrated in the incidents and LockBit’s claims are simply a bluff.”

“It can take weeks for forensic investigators to work out what happened during an attack, and ransomware gangs like LockBit like to use that uncertainty to their advantage,” Callow added.

Vindicating Callow’s statement is LockBit’s history of publishing names of companies it claims to be its ransomware victims and later dropping them from the leak site without any explanation.

In the past, some of the companies listed by LockBit weren’t actually victims. This indicates LockBit’s ploy to deceive concerned companies to pay the ransom under false pretenses, according to Tom Hofmann, Flashpoint’s SVP of intelligence.

“I know of one particular ‘victim’ who contacted us to definitely state they were not a victim. We have been contacted by some companies named on these victim sites that claim they have never been victimized,” said Hofmann.

Meanwhile, cybersecurity experts are underscoring how the fallout from tech giants at the top affects everyone from business partners to customers to parties with national security interests.

“More details will be forthcoming over the coming weeks and months, and it’s almost certainly going to be worse than is stated now,” mentioned Richard Blech, CEO of Irvine-based encryption technology firm XSOC Corp.

“With what they handle and whom they deal with at Accenture, I think it’s going to be quite serious. It’s just too much information. This was a big compromise. They can minimize it all they want, but that’s an awful lot of files,” he added.

Contact Us

More Articles: