The Donut ransomware group has expanded its victim list to include a prominent US Department of Defense contractor. The group, known for its malicious activities, posted a chilling message related to the DOD Contractor cyberattack on the dark web, signaling a brazen move against national security.
The dark web message, which was addressed to DOD contractors, opened with a sinister welcome: “DOD contractors, you are welcome in our chat.”
The message continued with a claim that the group had obtained sensitive documents from major defense contractors such as SpaceX, Lockheed Martin, and Boeing.
According to the post, these documents, deemed as legal property, were allegedly valued at US$20,000.
The group issued a stark warning, stating, “So we don’t think like that, and there our last warning. US$500k at least: you will pay for all data…”
US Department of Defense Contractor Cyberattack Claim Unverified
Despite the alarming message about the DOD Contractor cyberattack, concerns regarding the authenticity of the claim arose when it was discovered that the official website of the targeted defense contractor was fully operational. This contradiction led to the question of the legitimacy of the ransomware group’s assertions.
To delve deeper into the matter, The Cyber Express team took swift action, reaching out to the official representatives of the US Department of Defense contractor for verification. However, as of the time of compiling this report, no official response has been received, leaving the DOD Contractor cyberattack claim unverified.
The potential targeting of defense contractors raises significant national security concerns. If the DOD Contractor cyberattack claims made by the Donut ransomware group are substantiated, it could pose a severe threat not only to the targeted contractors but also to the broader defense ecosystem.
Threat Actors Focusing on High-profile Firms, Why?
In recent years, ransomware attacks have become increasingly sophisticated and targeted, with threat actors focusing on high-profile organizations and critical infrastructure.
This incident follows a string of cyber threats in January 2024 and in 2023, with the hacking group Phoenix taking credit for a Distributed Denial of Service (DDoS) attack on the US Congress website. The group explicitly targeted pages related to lobbying and online reporting in the United States, rendering the congressional website temporarily disabled. The hacker’s message confirming the attack was posted on their dark web channel.
In a separate but equally alarming development, the Snatch ransomware group has alleged a data leak involving the personal information of President Joe Biden, his son Hunter Biden, and First Lady Jill Biden. The group claims to have leaked Personally Identifiable Information (PII) and other sensitive data, throwing the cybersecurity community into a state of concern.
The authenticity of this data leak remains uncertain, pending an official statement from the White House regarding the alleged cyberattack on the 46th President of the United States.
Adding to the growing list of cyber threats, the US branch of the Industrial and Commercial Bank of China (ICBC), one of the world’s largest banks, has fallen victim to a major ransomware attack.
The inclusion of defense contractors in the victim list amplifies the gravity of such attacks, as it directly impacts the security and confidentiality of sensitive government information.
The unfolding situation in the case of the DOD Contractor cyberattack emphasizes the critical role of collaboration between government agencies, cybersecurity experts, and private entities in addressing and mitigating the escalating cyber threats that pose a risk to national security and public safety.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.