Aurora Cannabis Files Being Sold by Attacker

Aurora Cannabis is a Canadian cannabis producer listed on both the Toronto Stock Exchange and the New York Stock Exchange. It operates several cannabis-related medical and consumer brands, such as MedRelease, Whistler Medical Marijuana Corp, CanniMed, Woodstock, San Rafael, and Daily Special. An attacker is selling data stolen from the cannabis giant after breaching its systems on Christmas Day. Marijuana Business Daily reported that former and current employees received data breach notifications from the company. The notifications included details about what data was stolen, and each employee reported that different data was compromised. Some of the reported stolen data included credit card information, government identification, home addresses, and banking details.

The attacker is now selling the data on a forum for one Bitcoin, worth approximately $41,000 USD, and posted eleven stolen files to promote the sale. The stolen data samples include passports, checks, driver's licenses, and business documents. BleepingComputer interviewed the attacker, who said they had stolen 50 GB of data by attacking the company's network. The threat actor claims to still have access to that network. The attacker also claims to have attempted to contact Aurora Cannabis to ransom the data back to the company but has not received a response.

Analyst Notes

Customers of Aurora Cannabis should monitor their accounts at financial institutions and their credit reports for malicious activity and possible identity theft. All organizations should actively monitor their networks for unusual activity. The teams at Binary Defense stand ready to partner with organizations to help them implement a well-rounded cybersecurity program that includes best practices such as 24/7 monitoring of internal systems for signs of intrusion, as well as watching criminal forums and Clearnet and Darknet sites for leaks and threat information, so that they can protect themselves and their clients.
