A Parts Supplier for Tesla, SpaceX, and Lockheed Martin Has Suffered a Data Breach
After requests for comment from TechCrunch, Visser Precision, a Denver, Colorado-based manufacturer of parts for a variety of different industries, confirmed that it had suffered a cyberattack. For reasons that remain unclear for now, the company decided to share no details around the incident whatsoever, but for Zack Whittaker and Kirsten Korosec, two of the news website's reporters, finding out what had happened wasn't too difficult.
A ransomware infection, a data breach, or both?
Before we can have a proper look at what hackers did to Visser, we first need to talk about some of the trends in the online threat landscape. For a while now, ransomware operators have been focusing on companies rather than end users, which seems like the most logical thing in the world. A lot more is at stake with a business organization, and the size of the ransom demand can be much larger. It's not quite as straightforward as this, though.
Compromising an organization is a lot harder than compromising an individual user, and in the end, there can be no guarantee that the victim will pay up. In other words, there's the potential for a lot of work and absolutely no reward, and this is a risk the crooks are not willing to take.
To maximize their chances of a payout, the operators of some enterprise-targeting ransomware families like DopplePaymer and Maze are now stealing data from their victims before encrypting it. With this, they are not only giving themselves more blackmailing leverage, but they are also showing the world how dangerous their attacks can be sometimes.
The DopplePaymer operators have taken an even more sinister approach. They have a website called Dopple Leaks which they use to publish data stolen from companies that have been attacked by the ransomware but are refusing to pay up. In addition to publicly shaming victims who are reluctant to admit that they have had their data encrypted, this strategy leads to the exposure of a lot of sensitive information. Unfortunately, Visser Precision knows this all-too-well.
Visser Precision was hit by the DopplePaymer ransomware
It's difficult to say whether this was an attempt to cover up the incident, but the fact of the matter is that prior to TechCrunch's requests for comment, Visser Precision had said nothing about a cyberattack. The news outlet's reporters learned about it after Brett Callow, a researcher from Emsisoft, told them that the parts manufacturer's name had popped up on Dopple Leaks. This suggests that Visser got hit by DopplePaymer, refused to pay the ransom, and in retaliation, the crooks exposed data they had stolen from the company.
According to TechCrunch, the leaked information comes in the form of, among other things, non-disclosure agreements and other sensitive business documents, but to understand the scope of the situation, you need to take a look at some of Visser's partners.
Tesla, SpaceX, Boeing, and Lockheed Martin were all affected by the cyberattack
The crooks decided not to share all the files they had pilfered from Visser, which might be a hint that they are trying to monetize on the data that they left hidden. Nevertheless, both the volume and the nature of the information that was published are worrying. TechCrunch's reporters said that they saw business agreements between Visser and Tesla and SpaceX. The company manufactures parts for the likes of Boeing and Lockheed Martin, and some of the files that were leaked could make a lot of people feel uncomfortable.
TechCrunch's reporters noticed, for example, that among the exposed data, there was a schematic for a missile antenna that apparently contained "Lockheed Martin proprietary information." In fairness, the data dump probably doesn't include any tutorials for putting together an entire flying bomb, but Lockheed Martin's contracts with the US Army suggest that if some of the information falls into the wrong hands, the consequences could be pretty significant.