Deepweb researcher DarkFeed has taken to Twitter to announce they have discovered an attack at the hands of the Hive hacking group against Indonesian energy company Perushaan Gas Negare (PGN).
🌐 Hive #Ransomware team ransomed another huge energy company 🚨
Perusahaan Gas Negara is a state-owned natural gas company operated by the Indonesian government with $3 billion in revenue from Indonesia 🇮🇩#Hive pic.twitter.com/WTw5nsaicF
— DarkFeed (@ido_cohen2) April 3, 2022
PNG hasn’t confirmed the compromise yet, but according to the website Cyberthreat.id the PGN website was inaccessible on Monday morning.
“Hive are a ransomware gang who run a RaaS affiliate program. Little is known about its membership makeup, though its PR forum accounts suggest it is Russian in origin,” explained Dr. Gareth Owenson, CTO at Searchlight Security. “They keep their promotional activities to private ransomware-focused forums, and even then their PR accounts rarely disclose which ransomware gang they are recruiting for.”
Searchlight Security is an intelligence firm whose toolset is used by law enforcement and cyber threat intelligence investigators and security professionals to monitor suspicious activity on the Darkweb. Dr. Owenson explained that, even though the attack vector against PGN is still unknown, their Cerberus OSINT search returned a dozen credentials associated with the company exposed online, including email-password combinations. “Hive is known to access victim networks through compromised VPN connections or phishing emails, both of which could be facilitated by these leaked credentials, explained Dr. Owenson.
When discussing Hive’s modus operandi and motivations, Dr. Owenson explained that Hive should be understood as a financially motivated actor, with the primary goal of extracting revenue from its victims. “Hive’s choice of targets is quite varied, in sector and location, which does not suggest a specific political or ideological influence. The group have proven themselves not to be above attacking entities sometimes considered “off-limits” by other gangs, including those in healthcare and education sectors,” he said.
The CTO also said that, since the risk of ransomware attacks against organisations continues to increase rapidly, CISOs should be on high alert. “A large part of the challenge in preventing such attacks is a lack of visibility of the threat; investment in deep and dark web intelligence and monitoring can give CISOs greater visibility of where the gaps exist in their organisations defences,” he explained.