The Blackbasta extortion group has claimed responsibility for hacking Atlas, one of the United States’ largest national fuel distributors.
Atlas serves as a major fuel distributor across 49 continental US States, handling over 1 billion gallons annually.
According to researcher Dominic Alvieri, the Blackbasta extortion group listed the company as a victim on its Tor leak site.
The cybercriminals allege to have accessed 730GB of data from Atlas, comprising various corporate information such as accounts, HR, finance, executive details, departmental data, as well as user and employee data.
As proof of their breach, the gang published several documents, including ID cards, data sheets, payroll payment records, and an image of the folder extracted from the victim’s systems.
Despite these claims, the oil company has not officially confirmed the alleged incident.
Operating since April 2022, the Black Basta group follows a double-extortion attack model, commonly employed by ransomware operations.
In November 2022, Sentinel Labs researchers uncovered evidence linking the Black Basta ransomware gang to the financially motivated hacking group FIN7.
Furthermore, the Cybereason Global SOC (GSOC) team observed a surge in Qakbot infections leading to Black Basta ransomware infections in the US as part of an aggressive malware campaign.
The attack chain typically begins with a QBot infection, followed by the use of the post-exploitation tool Cobalt Strike to seize control of the machine, culminating in the deployment of the Black Basta ransomware. These attacks often initiate from spam or phishing emails containing malicious URL links.
Notably, the threat actors move swiftly upon gaining network access, sometimes obtaining domain administrator privileges within two hours and progressing to ransomware deployment in under 12 hours, as observed by Cybereason.
Source: securityaffairs.com
