The group developed its ransomware using leaked Babuk source code, a technique that has been adopted by multiple threat actors to create their own malicious software.
In a recent SEC filing, Johnson Controls revealed that a cybersecurity incident disrupted some of its internal IT infrastructure and applications this week. The company is investigating to determine whether information was compromised.
The company stated that many of its applications remain operational and unaffected at this time. In response to the breach, Johnson Controls has implemented workarounds for specific operations, in line with its business continuity plans, to mitigate disruptions and continue serving its customers. However, the incident has disrupted certain segments of the company’s business operations, and the impact may continue.
The incident could also delay the release of the company’s financial results for the fourth quarter and full fiscal year.
Johnson Controls has over 100,000 employees across 150 countries and offers a wide range of solutions and services, including HVAC, automation, security, safety, smart home, retail, industrial refrigeration, and energy.
The threat intelligence group VX-Underground attributes the attack on Johnson Controls to the ransomware group Dark Angels, which claims to have accessed and stolen 27 terabytes of data from the company’s systems.
Researcher and VX-Underground member Gameel Ali recently posted a screenshot showing what seems to be the ransom note that the cybercriminals sent to the company.
At the time of writing, the ransomware group’s Tor-based leak website does not mention Johnson Controls.
The Dark Angels gang emerged in May 2022, combining data theft with file-encrypting malware to pressure victims into paying a ransom. In recent months, the group has targeted numerous prominent organizations in the United States.
The group built its ransomware from leaked Babuk source code, which various threat actors have adopted to create their own malicious software.