| Category | Details |
|---|---|
| Threat Actors | Termite ransomware group, an emerging variant of Babuk ransomware. |
| Campaign Overview | A ransomware attack on Blue Yonder (subsidiary of Panasonic), disrupting operations and targeting supply chain systems. |
| Target Regions | United Kingdom (e.g., Morrisons, Sainsbury's) and United States (e.g., Starbucks); clients elsewhere were also affected (e.g., BIC, Renault). |
| Methodology | Double extortion tactics: encrypting systems and threatening to leak stolen data. |
| Product Targeted | Blue Yonder’s managed services hosting environment and supply chain software solutions. |
| Malware Reference | Termite ransomware (variant of Babuk). |
| Tools Used | Not specified, but associated with Dark Web leak sites and data exfiltration mechanisms. |
| Vulnerabilities Exploited | Not explicitly mentioned; the article emphasizes the exposure created by dependence on third-party supply chain platforms. |
| TTPs | Double extortion (encryption plus threats to leak data); exploitation of supply chain platforms; use of Dark Web leak sites for data exposure. |
| Attribution | Termite ransomware group, newly emerged but already active with seven known victims listed on their Dark Web leak site. |
| Recommendations | Proactive monitoring of third-party vendors and their cybersecurity posture; use of solutions such as SOCRadar for supply chain intelligence and Dark Web monitoring; integration of ransomware-specific IoCs into security infrastructure (e.g., SIEM, EDR); rapid incident response and transparent communication. |
| Source | SOCRadar |
Read full article: https://socradar.io/termite-ransomware-attack-on-blue-yonder/
Disclaimer: The above summary has been generated by an AI language model