Threat Watch

Korean Hackers Claiming to Have Breached ZEE5

Korean Hackers (John Wick): A threat group identifying themselves as the “Korean Hackers” or “John Wick” has claimed to have breached the Indian video on demand company ZEE5 and warns that they are going to sell the stolen data. ZEE5 is owned by Essel Group, which is a conglomerate that owns various media outlets and TV channels. Researchers at Quickcyber have revealed details about a data breach that affected ZEE5. The threat actor sent email warnings to Essel Group entities and employees of ZEE5 claiming the breach and threatening to expose the data “soon,” but did not give a date or deadline for a response. The threat group claims to be security researchers from Korea that find bugs and report them to companies. If the company does not respond, the threat actor will threaten to sell the stolen data. The group stated that they have “hacked over 50 big websites but have never sold anything before.” It is unclear if the threat actor has not sold anything because the companies they have targeted responded to their threats, or if the group’s claims about the amount for companies they have targeted before is false. Typically, the threat actor requests a “donation” for their help in identifying the bug and according to them, they are talking to ZEE5 about a demand for 10 Etherum (approximately $2400 USD) to not leak the data. Screenshots from the breach have been uploaded to a repository on Bitbucket as proof of what the threat actor gained access to. The uploaded data shows other entities such as Dish Television, but it is unclear if data from these entities is included in the information that was stolen.

ANALYST NOTES

It is not uncommon for threat actors to claim that they are security researchers as a way to justify breaching companies and asking for a donation for their service instead of calling it a ransom or extortion payment. Other incidents claimed by the “Korean Hackers” group include website defacements. At this time, there is no evidence to support the assertion that threat actor is from Korea as they claim. This attack has not been confirmed by ZEE5 but acknowledged by the company after news broke of the breach. ZEE5 stated that they are investigating further to see if any data was actually stolen. Unlike other countries, India has a lack of data privacy laws, allowing big companies to be breached with little to no fines or penalties. Because of this, data security in India is not taken as seriously as in other countries, making them a target of opportunity for threat actors such as this.

Full details can be found here: https://www.bleepingcomputer.com/news/security/zee5-allegedly-hacked-by-korean-hackers-customer-info-at-risk/