MAZE ransomware operators have stolen sensitive data from Westech, a company that supports the US Minuteman III nuclear deterrent.
The LGM-30 Minuteman is a U.S. land-based intercontinental ballistic missile (ICBM), in service with the Air Force Global Strike Command. As of 2020, the LGM-30G Minuteman III version[a] is the only land-based ICBM in service in the United States and represents the land leg of the U.S. nuclear triad, along with the Trident submarine-launched ballistic missile (SLBM) and nuclear weapons carried by long-range strategic bombers.
Threat actors first compromised the Westech’s network, then stole the documents before encrypting them. Then the attackers started leaking the files online to force the victim into paying the ransomware.
“It is unclear if the documents stolen by the criminals include military classified information, but files which have already been leaked online suggest the hackers had access to extremely sensitive data, including payroll and emails.” reads the post published by SkyNews that reported the news in exclusive.
“Court documents in the US allege that Russian cyber criminals with a financial motivation have collaborated with the intelligence services in order to steal classified government documents.”
Westech is involved with the nuclear deterrent as a sub-contractor for Northrup Grumman.
Security experts fear that hackers could attempt to sell stolen data about the nuclear deterrent on to a foreign state.
A Westech’s spokesperson told Sky News that the company was hit with ransomware and is currently investigating the security breach.
“We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files.” Westech’s spokesperson told Sky News.
“Upon learning of the issue, we immediately commenced an investigation and contained our systems.” “We have also been working closely with an independent computer forensic firm to analyse our systems for any compromise and to determine if any personal information is at risk.”
Recently Maze ransomware operators started publishing documents stolen from the ST Engineering group on their leak website.
(SecurityAffairs – Maze Ransomware, hacking)