The GTAI (Germany Trade & Invest), the foreign trade agency of the Federal Republic of Germany, was paralyzed by a hacker attack. The APT group PLAY announced the attack on its leak page and claims to have captured a lot of sensitive data.
The GTAI states on its website that it currently cannot be reached by email or telephone. The note on the GTAI website only briefly states that, due to a hacker attack, the agency can only be reached to a limited extent. It expresses its regrets to visitors and says it is working to get the systems up and running again as soon as possible. Even the contact form on the website is currently unusable. The GTAI also states that it is not yet clear when the situation will return to normal.
APT group PLAY claims to be the attacker
The GTAI describes its tasks as follows: "Germany Trade & Invest is the company of the Federal Republic of Germany for foreign trade and location marketing". So it does not belong to any ministry, but is funded by the Ministry for Economic Affairs and Climate Protection. The company offers direct access to all relevant players in the German economy. The GTAI occupies an important position and is likely to hold a lot of sensitive data. PLAY claims to have precisely this kind of data: private and personal confidential data, employee documents, passports, ID cards, tax and financial information. Experience shows, however, that this is not really an indication of what was taken, but a standard text that PLAY uses again and again.
Extortion is certainly already underway, since PLAY uses specially developed ransomware to encrypt data in its attacks. According to the leak page, PLAY wants to publish the first data on 19.05.23. The group always does this because it wants to increase the pressure to pay. Unfortunately, that works all too often. A week or two later, the group usually publishes all of the captured data or offers packages of it for sale on the dark web.
Data is to be published in a few days
It can be assumed that GTAI will not respond to the demands of the PLAY group. That would be a good thing. It is smarter to use the money to start an information campaign and to overhaul the IT systems. CH Media and Schirm Chemie have also proven that this is the right way to go. They did not pay.
Currently, the PLAY group states that it has published 500 GB of data from CH Media and is also offering 138 GB of data from Schirm Chemie in an archive. Hacked companies should know that every paid attack finances 9 more, including further attacks on themselves.
Editor/sel
More at GTAI.de