The APT group Play, which has only been active since June 2022, claims to have attacked three important companies: BMW Group France, the chemical company Schirm and CH Media, an attack that also affected the Neue Zürcher Zeitung. All of the companies are listed on Play's leak page, each with a countdown of a few days until the first data is to be published.
A company appearing on a group's leak page does not prove with 100% certainty that it was actually hacked. Still, some well-known companies can be found on the leak page of the still quite new but very active APT group Play. For example, the extortion countdown for BMW Group France has already expired, and there is a download link for 5 GB of data that is said to come from a larger stolen data package. Since downloading the stolen data would be illegal, it remains to be seen whether specialists will examine the data or whether BMW itself will classify the data as authentic.
Is the data from BMW France real?
The online magazine CSO Germany also reported that there was a cyber incident at BMW France. The stolen data is said to be private, personal and confidential data, contracts, financial information and customer documents of the sales subsidiary of BMW Group France. The APT group Play states on its website that it intends to release the complete data dump shortly, as apparently no ransom was paid.
The portal Cybernews claims to have spoken to a BMW manager. There is talk of a cyber incident, but according to the spokesman, it must first be checked whether data has really been leaked.
CH Media and NZZ attacked and disrupted
The attack on parts of the network of the Neue Zürcher Zeitung and CH Media has been known for a long time. The effects of the attack were already noticeable to many readers, listeners and viewers at the end of March. According to information from Blick.ch, the radio station FM1 was affected by the attack, as well as the online platform FM1 Today, the television station TVO and other editorial offices of the CH Media publishing house. Since the NZZ media group has a stake in CH Media, the attack set off a chain reaction through the NZZ network. Some issues of the NZZ could not appear in full, and the ePaper was also affected.
Play probably also attacked Schirm Chemie
The Play group has also very recently listed the chemical manufacturer Schirm on its leak page. The countdown is supposed to expire on 21.04.23, after which the first data should be available online. The group claims the data will contain confidential employee and customer information, contracts and financial information. A ransom is not mentioned here either.
Schirm GmbH, which has been part of the South African AECI Group since 2018, describes its business on the website as follows: “As a production service provider and contract manufacturer for the chemical and related industries, we have decades of experience in the synthesis, formulation and packaging of fine, special and agrochemicals.”
Background on the Play group
According to Fortinet, the Play group is still fairly new to the business. The newcomer to the ransomware game was first spotted in June 2022. Play is the name of the group and also the name of the ransomware executable. Like many other operators, Play has adopted the double-ransom method, encrypting endpoints and/or other valuable infrastructure within an organization and then threatening to release exfiltrated data from these machines to the internet unless a ransom is paid. Encrypted files also carry the file extension “.PLAY”.
Editor/sel