SAN FRANCISCO (Reuters) – The hack of software maker CDK Global has disrupted car dealerships across the United States. It is the latest in a series of attacks in which cybercriminals target large companies with ransom demands by hacking into lesser-known software suppliers.
CDK produces software commonly used by car dealerships to process sales and other transactions. According to local press reports, many dealers began processing transactions manually because of the hack.
Here is more information about BlackSuit, the hacker group that analysts believe is behind the CDK hack:
WHO/WHAT IS BLACKSUIT?
Little is known about the group, but it appeared in May 2023. Analysts say the group is a relatively new cybercriminal team, spun out of an older and well-known Russian-linked hacker group called RoyalLocker.
RoyalLocker primarily hacked American companies and was a formidable hacking group built from another prolific gang called Conti. According to analysts, Royal was likely the third most common ransomware group behind LockBit and ALPHV.
However, BlackSuit is not as aggressive as others. The number of victims listed on its data leak site suggests it does not have as many hacking partners as larger extortion groups, said Kimberly Goody, head of cybercrime analysis at Mandiant Intelligence.
“The majority of BlackSuit victims are overwhelmingly located in the US, followed by the UK and Canada, and span a wide range of sectors,” she said.
HOW MANY ORGANIZATIONS WERE HACKED BY BLACKSUIT?
According to security company Recorded Future, the group has hacked at least 95 organizations around the world.
“The actual number of BlackSuit victims is likely much higher,” the company said in an email.
According to the security firm ReliaQuest’s blog, these were mostly American organizations in areas such as industrial products and education.
“As recently as last week, we saw Russian-speaking attackers associated with BlackSuit seeking partnerships in underground forums to provide access to companies,” Goody said.
HOW DOES BLACKSUIT WORK?
BlackSuit is known to carry out “double extortion,” which in cybersecurity terms means it steals sensitive data from a victim organization, locks down its systems, and threatens to leak information.
Mandiant’s Goody said BlackSuit provided hacking infrastructure to other, smaller cybercriminal partner groups known as “affiliates.” It also provided those partners with extortion-related support, including resources to harass victims or shut down their websites to force them to pay.