A significant portion of the cybersecurity incidents currently recorded are due to some failure or omission of a third party, which ends up affecting many other companies. An American company that works as a supplier to firms such as Tesla and SpaceX has suffered a leak of private business documents belonging to its main customers.
The group of threat actors responsible for this leak is known as DopplePaymer, and has been revealing some confidentiality agreements signed between Visser Precision, the attacked company, and its customers, including both firms led by Elon Musk. In addition, hackers threaten to keep leaking private information unless they receive a payment for an undisclosed amount.
Hours after the rumor began circulating a
spokesman for Visser Precision confirmed the incident, mentioning that hackers
managed to extract the confidential information. In addition, the spokesman
added that the cybersecurity incident is already being investigated and that
the firm’s operations are carried out normally.
It is not yet clear how hackers managed to
compromise the company’s networks, although cybersecurity experts consider it
highly likely to be a ransomware
incident that also involves the theft of sensitive information. When questioned
about the nature of the information extracted by hackers, the company’s
spokesman only mentioned that, because the investigation is still ongoing, he
is not allowed to add more details.
This hacker group has recently gained notoriety
due to its involvement in the theft of information from other firms, including Boeing,
Lockheed Martin and Blue Origin, a space exploration company owned by
billionaire Jeff Bezos. Another firm going through a similar situation is PEMEX,
an oil company controlled by the Mexican State.
Ransomware attacks alone are already a
considerable threat to companies, although this is an example that everything
can get worse. According to the International Institute of Cyber Security
(IICS), it is prudent to start wondering whether ransomware attacks
should be considered data breaches as well, as sometimes affected companies
simply recover their files, without thinking where attackers could also find a
way to extract sensitive information from their networks.