
Explainer-The 'BlackSuit' hacker behind the CDK Global attack hitting US car dealers

Published 06/27/2024, 06:05 AM
Updated 06/27/2024, 05:43 PM
© Reuters. FILE PHOTO: A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1,  2017. REUTERS/Kacper Pempel/Illustration/File Photo

SAN FRANCISCO (Reuters) - A hack into software maker CDK Global (NASDAQ:CDK) has disrupted operations at auto dealerships across the U.S., the latest in a series of hacks where ransom-demanding cybercriminals target big companies by breaching behind-the-scenes software suppliers.

CDK makes software that is commonly used by car dealerships to process sales and other transactions. In light of the hack, many dealers have started processing transactions manually, according to local press reports.

Here is more about BlackSuit, the hacking group analysts say is behind the CDK hack:

WHO/WHAT IS BLACKSUIT?

Not much is known about the group, but it emerged in May 2023. Analysts say it is a relatively new cybercriminal team spun off of an older and well-known Russia-linked hacking group named RoyalLocker.

RoyalLocker mostly hacked American companies and was a formidable hacker group born out of another prolific gang named Conti. Royal was likely the third most persistent ransomware group after LockBit and ALPHV, according to analysts.

Yet, BlackSuit is not as aggressive as the others. The number of victims it lists on its data leak site suggests it does not have as many hacking partners as larger ransomware gangs, said Kimberly Goody, head of cybercrime analysis at Mandiant Intelligence.

“The majority of BlackSuit victims have been overwhelmingly based in the U.S., followed by the U.K. and Canada and span a wide range of sectors,” she said.

HOW MANY ORGANIZATIONS HAS BLACKSUIT HACKED?

It has breached at least 95 organizations globally, according to the security firm Recorded Future.

“The real number of BlackSuit victims is likely much higher,” the firm said by email.

These were mostly American organizations in areas such as industrial goods and education, according to a blog last month by the security firm ReliaQuest.

“We have seen Russian-speaking threat actors affiliated with BlackSuit soliciting partnerships in underground forums to provide access to companies, as recently as last week,” said Goody.

HOW DOES BLACKSUIT OPERATE?

BlackSuit is known to carry out “double extortion,” which in cyber terms means it steals a victim organization’s sensitive data, locks up its systems, and also threatens to leak information.

Mandiant’s Goody said BlackSuit had provided hacking infrastructure to other smaller partner groups of cybercriminals known as "affiliates." BlackSuit provided extortion-related support to its partners, including resources to harass victims or take down their websites to pressure them into paying.
