A recent cyber attack on Cyberport, a business park in China, has raised concerns about the security of digital and technology companies in the region. The attack, which was claimed by the ransomware group Trigona, targeted Cyberport’s systems and resulted in unauthorized third-party access.
Screenshots from Trigona’s dark web post revealed that the group had exfiltrated data from the victim’s systems. The samples included documents, ID cards, and graphics of users. The cybercriminals demanded a ransom of $300,000 in exchange for the return of the stolen data. They set a deadline of 23 days and around 14 hours for the payment to be made.
Trigona is a well-known ransomware group that has been active since October 2022. It has targeted high-profile organizations with strong cybersecurity defenses, indicating that it possesses sophisticated tools to breach most systems. In the Cyberport attack, the group exfiltrated a significant amount of data, including project files, HR-related data, financial data, FinTechTeam data, and leasing information. The stolen data amounts to over 436GB.
Upon discovering the breach, Cyberport immediately shut down affected computer equipment. The incident is now under investigation by the Hong Kong Police Force. In a press release, Cyberport condemned the cyber attack and expressed its willingness to cooperate fully with law enforcement agencies.
Further investigation into Trigona’s activities revealed that the group had also targeted the website of Unimed, a medical work cooperative and health insurance operator in Brazil. The group exfiltrated over 12GB of data in the Unimed breach, including financial information. Trigona demands ransom payments only in the form of Monero cryptocurrency.
The Trigona ransomware has been continuously updated by its developers to enhance its attack capabilities. The group has been known to use brute-force methods to guess common login credentials and gain unauthorized access to systems.
The Cyberport cyber attack highlights the increasing threat of ransomware attacks targeting businesses and organizations worldwide. It serves as a reminder for companies to prioritize cybersecurity measures and regularly update their defenses to prevent such incidents from occurring.
Disclaimer: This report is based on internal and external research and should be used for reference purposes only. The Cyber Express assumes no liability for the accuracy or consequences of using this information. The situation is ongoing, and further updates may be provided as more information becomes available.
