An organisation called Marketo is selling data from Fujitsu on the dark web, although Fujitsu claims the material “appears to be tied to customers” rather than its own systems.
Marketo announced on its leak site on August 26 that it had stolen 4 GB of data and was selling it. The group claimed to have private customer information, company data, budget data, reports, and other company papers, including project information, and gave samples of the data.
Initially, the group’s leak site stated that there were 280 bids on the data, but it currently displays 70 bids, including one today.
A Fujitsu spokeswoman downplayed the event, telling ZDNet that it was unrelated to a case in May in which hackers stole data from Japanese government agencies using Fujitsu's ProjectWEB platform.
“We are aware that information purporting to have come from our site has been published to the dark web auction site ‘Marketo.’” The source of this data, including whether it came from our systems or the environment, is unknown, according to a Fujitsu spokeswoman.
“We will refrain from commenting on the details because this involves information that looks to be relevant to clients. I suppose you recollect ProjectWEB’s most recent incident in May, but there is no indication that this involves ProjectWEB information, and we believe this situation is unrelated.”
Cybersecurity specialists such as Etay Maor, senior director of security strategy at Cato Networks, questioned the number of bids on the data, pointing out that Marketo owns the website and could simply manipulate the number to put pressure on buyers.
Marketo, on the other hand, is recognised to be a reliable source, according to Ivan Righi, a cyber-threat intelligence analyst at Digital Shadows.
The veracity of the material stolen, according to Righi, cannot be validated, but prior data leaks by the group have been found to be real.
“As a result, it’s likely that the information on their website is accurate. At the time of writing, Marketo had only revealed a 24.5 MB ‘evidence package,’ which contained information about Toray Industries, another Japanese company. Three screenshots of spreadsheets allegedly seized in the hack were also shared by the group,” Righi said.
While Marketo is not a ransomware gang, it acts in a similar manner to ransomware threat actors, according to him.
“The organisation infiltrates businesses, obtains their data, and then threatens to release it unless a ransom is paid. If a corporation does not pay the ransom demanded by the threat actor, its data is finally leaked on the Marketo data leak site,” Righi told ZDNet.
“An evidence package with some data taken from the attack is normally provided whenever a company is put on the Marketo site. If the ransom is not paid, the organisation will continue to threaten the companies and expose data on a regular basis. While the group’s website does feature an auction area, not all victims are listed there, and Fujitsu has not been placed up for public auction as of this writing. The source of the 70 bids is unknown, but it’s plausible that they originated through closed auctions.”
In July, Digital Shadows published a report on the group, indicating that it was founded in April 2021 and frequently sells stolen data using a Twitter account called @MannusGott.
In recent days, the account has mocked Fujitsu, posting on Sunday, “Oh, the lovely, beautiful irony. One of the largest IT service providers was unable to find suitable security.”
“The marketplace works in a similar way to other data leak sites, but with a few differences. Surprisingly, the group contains an ‘Attacking’ section that lists groups that are now under attack. The marketplace allows users to register and includes a contact option for victim and press enquiries,” according to the Digital Shadows Photon Research Team.
“Victims are given a link to a secret chat room where they can negotiate. Marketo includes a synopsis of the company, screenshots of allegedly hacked data, and a link to an ‘evidence pack,’ also known as a proof, in each of the individual entries. They use a blind bidding mechanism to auction sensitive data in the form of a silent auction, where users place bids depending on how much they believe the data is worth.”
In the past, the gang has gone as far as sending samples of stolen data to a company’s competitors, clients, and partners to embarrass victims into paying to get their data back.
The group has listed hundreds of firms on their leak site, most notably Puma, and releases one every week, usually selling data from US and European corporations. At least seven industrial goods and services firms, as well as healthcare and technology firms, have been targeted.