ARRL says it was hacked by an “international cyber group”


The American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and left some members frustrated over the lack of information.

ARRL is the national association for amateur radio in the United States, representing amateur radio interests to government regulatory bodies and promoting events and educational programs for enthusiasts around the country.

On May 16, the ARRL announced that it had suffered a “serious incident involving access to our network and headquarters-based systems.”

The breach disrupted the organization’s services, taking down its phone systems and the Logbook of the World. LoTW is an online service used by amateur radio enthusiasts to log successful contacts with other people around the world.

As the ARRL did not share any further information, members became concerned about what they felt was a lack of transparency from the organization.

“We still don’t know what they haven’t told us and maybe it is important, maybe not,” a member posted to the ‘My ARRL Voice’ Facebook group.

“The point is very clear that the communication to the membership about the incident is very unprofessional and limited in its scope.”

Today, the ARRL finally shared more details regarding the cyberattack, stating that it was conducted by a “malicious international cyber group.”

“On or around May 12, 2024, ARRL was the victim of a sophisticated network attack by a malicious international cyber group,” reads a new update from the ARRL.

“ARRL immediately involved the FBI and engaged with third party experts to investigate.”

“This serious incident was extensive and categorized by the FBI as “unique,” compromising network devices, servers, cloud-based systems, and PCs.”

However, the ARRL has still not shared whether ransomware was involved or whether data was stolen during the attack.

If it was a ransomware attack, the threat actors commonly steal data before encrypting servers. This stolen data is then used as leverage, with the attackers threatening to publish the stolen files if a ransom is not paid.

BleepingComputer contacted ARRL today with further questions about the attack. However, our previous attempts to contact the organization remain unanswered.


