Hacker behind the CDK Global attack hitting US car dealers

A hack into software maker CDK Global has disrupted operations at auto dealerships across the U.S., the latest in a series of hacks where ransom-demanding cybercriminals target big companies by breaching behind-the-scenes software suppliers.
CDK develops software many dealers use to handle sales and other transactions. In response, dealers have begun processing transactions manually, according to local press reports.

Additional identifying details on BlackSuit, the hacking group analysts say is behind the CDK hack:

WHO/WHAT IS BLACKSUIT?
Not much is known about the group, but it emerged in May 2023. The experts say it is still quite a new criminal cyber squad spun off an older and at the same time famous Russia-linked hacking group named RoyalLocker.
The above-mentioned RoyalLocker mostly hacked companies in America and was an influential hacker group borne out of another prolific gang named Conti. Probably Royal was the third most persistent ransomware group after LockBit and ALPHV, say the analysts.

However, BlackSuit is not as aggressive as the others. That it doesn’t have as many hacking partners as the larger ransomware gangs is reflected in the number of victims listed on its data leak site — a tactically Lace exploitation site, said Kimberly Goody of Mandiant Intelligence, who’s been tracking BlackSuit.
“The vast majority of BlackSuit victims have been overwhelmingly based in the U.S., followed by the U.K. and Canada, and span a wide range of sectors,” she said.

HOW MANY ORGANISATIONS HAS BLACKSUIT HACKED?
It has breached at least 95 organisations worldwide, according to security firm Recorded Future.
“The real number of BlackSuit victims is likely much higher,” the firm said in an email.
They were largely American organisations in sectors such as industrial goods and education, said a blog last month by the security firm ReliaQuest.
“We have seen Russian-speaking threat actors affiliated with BlackSuit looking to partner in underground forums to gain access to companies, as recently as last week,” Goody said.
HOW DOES BLACKSUIT OPERATE?
BlackSuit is known to carry out “double extortion” which in cyber terms means, it steals sensitive data of the victim organization, locks up its systems and also threatens to leak information.
According to Goody of Mandiant, BlackSuit provided the underlying hacking infrastructure to several smaller cybercriminal partner groups often referred to as “affiliates.” Reports had it that BlackSuit also supplied its partners with resources to conduct extortion activities such as harassing victims or knocking off websites to squeeze them for a payoff.

Leave a Reply

Your email address will not be published. Required fields are marked *