Who are the 'BlackSuit' hackers behind the CDK cyberattack hitting U.S. car dealers?

SAN FRANCISCO — A hack into software maker CDK Global has disrupted operations at auto dealerships across the U.S., the latest in a series of hacks where ransom-demanding cybercriminals target big companies by breaching behind-the-scenes software suppliers.

CDK makes software that is commonly used by car dealerships to process sales and other transactions. In light of the hack, many dealers have started processing transactions manually, according to local press reports.

Here is more about BlackSuit, the hacking group analysts say is behind the CDK hack:

Who/What is BlackSuit?

Not much is known about the group, but it emerged in May 2023. Analysts say it is a relatively new cybercriminal team spun off of an older and well-known Russia-linked hacking group named RoyalLocker.

RoyalLocker mostly hacked American companies and was a formidable hacker group borne out of another prolific gang named Conti. Royal was likely the third most persistent ransomware group after LockBit and ALPHV, according to analysts.

Yet, BlackSuit is not as aggressive as the others. The number of victims it lists on its data leak site suggests it does not have as many hacking partners as larger ransomware gangs, said Kimberly Goody, head of cybercrime analysis at Mandiant Intelligence.

“The majority of BlackSuit victims have been overwhelmingly based in the U.S., followed by the U.K. and Canada and span a wide range of sectors,” she said.

How many organizations has BlackSuit hacked?

It has breached at least 95 organizations globally, according to the security firm Recorded Future.

“The real number of BlackSuit victims is likely much higher,” the firm said by email.

These were mostly American organizations in areas such as industrial goods and education, according to a blog last month by the security firm ReliaQuest.

“We have seen Russian-speaking threat actors affiliated with BlackSuit soliciting partnerships in underground forums to provide access to companies, as recently as last week,” said Goody.

How does BlackSuit operate?

BlackSuit is known to carry out “double extortion,” which in cyber terms means it steals a victim organization’s sensitive data, locks up its systems, and also threatens to leak information.

Mandiant’s Goody said BlackSuit had provided hacking infrastructure to other smaller partner groups of cybercriminals known as “affiliates.” BlackSuit provided extortion-related support to its partners, including resources to harass victims or down their websites to pressure them into paying.

 

source

Picture of EbZoo

EbZoo

Are you ready to unlock a world of unbeatable deals and top-notch products? Look no further! EbZoo is your one-stop-shop for the finest quality offers curated just for you. Join the EbZoo family today and experience a world of convenience, quality, and limitless opportunities. Don't miss out on the best deals – shop at EbZoo now! 🛍️

Sign up for our Newsletter

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit

Join our Newsletter: Stay Ahead of the Game!!!

Don’t miss out on exclusive updates, valuable opportunities, and special discounts on our products! Subscribe to our newsletter and be the first to know about the latest news and offers. Join our community today and enjoy insider benefits and updates directly in your inbox.

Subscription Form
Added to wishlist! VIEW WISHLIST