Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called “an isolated attack.” “Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India,” an Acer Corporate Communications spokesperson told reporters. “The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team and has no material impact on our operations and business continuity.” While Acer didn’t provide details regarding the attackers’ identity behind this incident, a threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The allegedly stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. As proof, the threat actor provided a video showcasing the stolen files and databases, the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers. This is the second time the computer giant’s systems have been breached this year after the ransomware attack claimed by REvil in March. Acer was asked to pay $50,000,000 for a decryptor and to get back the stolen data, the largest publicly known ransom at that date (REvil broke their record in July, asking Kaseya to pay $70 million ransom.) When asked by reporters to confirm the March ransomware attack, Acer did not provide a clear answer, instead of saying that they “reported recent abnormal situations” to relevant law enforcement agencies and data protection authorities. To additional requests for more details, Acer replied by saying that “there is an ongoing investigation and for the sake of security, we are unable to comment on details.” Advanced Intel’s Vitali Kremez told reporters that Advanced Intel’s Andariel cyber intelligence platform spotted the Revil gang targeting a Microsoft Exchange server on Acer’s domain before the attack.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased