Cybercrime group Vice Society publishes confidential data of public mining company Hunosa, which is part of the Society for State Industrial Participation (SEPI). The company has a significant presence in the north of Spain, especially in the Principality of Asturias, where it also develops energy services. The leaked data includes financial information, lists of debtors, documents from the board of directors, the strategy department and even the workers’ health services, which elDiario.es was able to verify.
Public company sources confirm that the media suffered a cyber attack in late 2022 that was not made public until now. They link this leak to that incident. “At the end of December, there was a cyber attack that affected some of our computer systems. Our crisis committee coordinates the management of the cyber incident, in cooperation with the competent authorities and other stakeholders, and reports the situation to the National Police,” they said.
Hunosa’s operations were “generally unchanged” by the cyberattack, the same sources continued, after which security measures were tightened. “Implementation of a proactive digital surveillance system allowed the company to detect information exfiltration,” they add. Hunosa has once again informed the authorities about the situation and is “analyzing the published information to take appropriate security measures”.
Vice Society is a cybercriminal gang, which is established by cyber security specialists on the territory of Russia. As they explain on their website deep web, publish data on companies they attack when they refuse to pay what they ask in exchange for not doing so. Hunosa did not confirm to elDiario.es if there was a ransom demand.
According to the cybercriminals themselves, their activities began in January 2021. In September 2022, the FBI and the US Cybersecurity and Infrastructure Agency warned about them after discovering an increase in their targeted attacks in the education sector. Vice Society uses ransomware attacks to steal information and target the victim’s computer systems. Initially, they used third-party offensive tools for this, which were acquired from other cybercriminal groups specializing in their development. However, researchers suspect that they have developed their own, “stronger” encryption methods in recent months.
“Members of the Vice community will likely get first-time access to the network.” [de sus víctimas] through compromised certificates of Internet-connected applications,” it explains America’s warning. “Before deployment RansomwareCybercriminals spend time probing the network, increasing access opportunities, and exfiltrating data for double extortion, a tactic in which cybercriminals publicly threaten to reveal sensitive data unless the victim pays a ransom.
Vice Society has “disproportionately” attacked targets in the education sector, but has also hit private companies in other areas. “We have evidence that the group is also targeting the manufacturing sector, which means they have the ability and willingness to penetrate various industries, likely by purchasing compromised credentials through hidden channels,” he reveals. Last report from cybersecurity firm Trend Micro. “We have discovered the presence of the Vice Society in Brazil (mainly affecting the country’s manufacturing industry), Argentina, Switzerland and Israel,” he warns.
This is the third serious cyber attack that has been reported in Spain in just ten days. On March 5, the computer systems of Hospital Clinic Barcelona were paralyzed by another ransomware attack from which they have not yet fully recovered. Five days later, Sagardoy’s law firm, one of the most important in the field of labor, was threatened by another group of cybercriminals, who gave it 10 days to pay before releasing confidential data. The threat is gone from the portal deep web A few hours later from cybercriminals.
Source: El Diario
