in Business, Security Collections

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

1.7k Views

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States.

Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year.

The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported.

Atlas Oil allegedly breached by Basta.

Atlas is one of the largest national distributers of fuel to 49 continental US States with over 1 billion gallons per year.

Sunoco is the largest at 8 billion gallons. pic.twitter.com/5OUODUt3fu

— Dominic Alvieri (@AlvieriD) May 20, 2024

The gang claims to have stolen 730GB of data from ATLAS, including Corporate data: Accounts, HR, Finance, Executive, department data, and users and employees’ data.

The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems.

The oil company has yet to disclose the alleged incident.

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model.

In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Enough ransomware gang to the financially motivated hacking group FIN7.

In November 2022, experts at the Cybereason Global SOC (GSOC) team observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US.

The attack chain starts with a QBot infection, The operators use the post-exploitation tool Cobalt Strike to take over the machine and finally deploy the Black Basta ransomware. The attacks began with a spam/phishing email containing malicious URL links.

The researchers noticed that once obtained access to the network, the threat actor moves extremely fast. In some cases observed by Cybereason, the threat actor obtained domain administrator privileges in less than two hours and moved to ransomware deployment in less than 12 hours.

What do you think?

0 Points
Upvote Downvote

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

The application of SBOM (Software Bill of Materials) in the entire application security life cycle – Andrew Zhenghan

Why Your Wi-Fi Router Doubles as an Apple AirTag