BlackBasta claims responsibility for Rheinmetall attack.
May 24, 2023

BlackBasta says it's the gang responsible for hitting Rheinmetall with ransomware.

BlackBasta, recently seen in action against Swiss-based technology company ABB, continues to show a predilection for attacks against industrial firms.

Rheinmetall data posted to BlackBasta's extortion site.

BlackBasta, a recently prominent double-extortion ransomware gang, published data stolen from Rheinmetall on BlackBasta's extortion site this past Saturday. According to BleepingComputer, samples on the site included "non-disclosure agreements, technical schematics, passport scans, and purchase orders." Rheinmetall confirmed that it had indeed come under attack by the Russian criminal organization: "Rheinmetall is continuing to work on resolving an IT attack by the ransomware group Black Basta. This was detected on 14 April 2023. It affects the Group's civilian business. Due to the strictly separated IT infrastructure within the Group, Rheinmetall's military business is not affected by the attack."

Rheinmetall is a well-known German manufacturer of steel, defense systems (one of its products is the widely used NATO 120mm smooth-bore tank main gun), automotive systems, and engines.

Threat intelligence and its role in defense against organized cybercrime.

Colin Little, Security Engineer at Centripetal, wrote to put BlackBasta in context as a gang that's prospered. "The latest BlackBasta attack is just a textbook example of a cybercrime organization that has flourished in recent years. They are associated with the FIN7 cybercrime cartel, who has previously been tied to other notable ransomware operations like Darkside, BlackMatter, REvil and ALPHV," Little said. Criminal organizations can be protean, reforming, rebranding, going into and then emerging from occultation. "By following the re-branding and/or interoperation of these prolific criminal organizations, we can see a trend of high-profile attacks on large enterprise and critical infrastructure, which underscores the brief yet somber message that no organization, regardless of mission, size, or established history, is above being targeted." He sees threat intelligence as rendering an essential contribution to defense against criminal threats of this kind. "As a cyber security industry, we must provide greater quantity and quality of cyber threat intelligence, as well as technologies to stop and alert upon indicators of attack or compromise, from the very first indications. With threat actors collaborating to a greater degree than ever before, we must also strive for greater collaboration among private, commercial, and law enforcement entities." And such threat intelligence is best deployed, he argues, collaboratively. "We need to build industry coalitions that together leverage the world's cyber security expertise against these threat actors. With greater collaboration, we can be proactive and meet the enemy on the battlefield -- on our terms, not theirs. The goal should be to prevent disaster, instead of forensically investigating it."