In an intriguing turn of events, the DarkLab group recently stumbled upon a Data Leak Site (DLS) belonging to a new ransomware cyber gang known as Linkc. This group, despite being a fresh entrant into the cybercrime scene, has adopted the infamous double extortion strategy, which involves compromising and encrypting the victim’s systems, as well as gradually leaking sensitive data on their Data Leak Site.
However, what sets Linkc apart is their unconventional approach to their online presence. The Data Leak Site maintained by Linkc is incredibly minimalist, featuring only a logo and a brief post detailing the breach at H2O.ai, a company specializing in artificial intelligence. The absence of additional sections like FAQs or contact pages could be a strategic move to enhance operational security and draw immediate media attention to the leaked data.
The primary victim of Linkc’s attack, H2O.ai, is a prominent player in the development of machine learning platforms and AI services. The leaked information suggests that non-anonymized customer datasets meant for AI model training and comprehensive source code from Git projects, including software for autonomous driving and GPT models, were stolen. While H2O.ai is yet to release an official statement regarding the incident, the gravity of the breach cannot be understated.
The choice to target H2O.ai reveals Linkc’s penchant for organizations involved in Artificial Intelligence, hinting at their interest in monetizing valuable data and technologies. For cybersecurity professionals, this underscores the need to remain vigilant, investigate new threat groups like Linkc, and collaborate to share threat intelligence effectively.
As the cybersecurity landscape continues to evolve, Linkc’s emergence serves as a stark reminder of the ever-present threat of cybercrime. Whether this group will engage in more high-profile attacks or maintain a selective approach remains to be seen. Security experts are urged to enhance their monitoring and defense mechanisms in preparation for evolving digital extortion tactics.
In light of these developments, as a standard practice, RHC extends an invitation to the affected company, H2O.ai, to provide any updates on the situation. Any significant progress will be promptly shared on the blog. Additionally, individuals with pertinent information who wish to remain anonymous can utilize the whistleblower’s encrypted email address for communication.
Pietro Melillo, head of the Dark Lab group, highlights the importance of staying abreast of such cybersecurity threats and leveraging intelligence sources to counter ransomware threats effectively. With his background in cyber threat intelligence and a passion for hacking and technology, Melillo continues to lead the CTI Team “RHC DarkLab” in navigating the complex realm of cybersecurity.
The evolving nature of cybercrime demands a proactive and collaborative approach from cybersecurity professionals to combat emerging threats effectively. As Linkc marks its entry into the cybercrime domain, the response from the cybersecurity community will play a crucial role in mitigating the impact of such nefarious activities.