
Play Ransomware Claims Krispy Kreme Breach, Threatens Data Leak

| Category | Details |
| --- | --- |
| Threat Actors | – Play Ransomware Group (also known as PlayCrypt)<br>– Alleged collaboration with North Korean state-backed hackers |
| Campaign Overview | – Data breach at Krispy Kreme (disclosed on December 11, 2024).<br>– Play Ransomware claimed responsibility and threatened to leak data within two days.<br>– Uses double-extortion (data exfiltration and encryption) tactics. |
| Target Regions | – Krispy Kreme operations in the United States were disrupted.<br>– Historically targeted sectors in North America, South America, and Europe. |
| Methodology | – Double-extortion model: exfiltrated sensitive data and encrypted systems.<br>– Threatens to leak stolen data if ransom demands are unmet. |
| Product Targeted | – Internal systems and sensitive data of Krispy Kreme |
| Malware Reference | – Play Ransomware<br>– New variant introduced in July 2024 targeting Linux ESXi environments |
| Tools Used | – Ransomware for data encryption and exfiltration |
| Vulnerabilities Exploited | – Not explicitly mentioned in the text. Likely exploitation of internal vulnerabilities to gain initial access. |
| TTPs | – Data exfiltration and encryption.<br>– Use of dark web leak sites for extortion.<br>– Collaboration with state-backed actors for complex, high-impact campaigns. |
| Attribution | – Play Ransomware Group<br>– Linked to North Korean state-backed hackers (as per October 2024 Palo Alto Networks’ Unit 42 report) |
| Recommendations | – Implement robust backup and disaster recovery plans.<br>– Monitor and secure access to internal systems.<br>– Regularly patch vulnerabilities and update software.<br>– Deploy EDR solutions to detect and prevent ransomware activities. |
| Source | Hackread |

Read full article: https://hackread.com/play-ransomware-krispy-kreme-breach-data-leak/

The above summary has been generated by an AI language model

Published on: December 19, 2024
