The Hellcat ransomware group has claimed responsibility for cyberattacks on Swiss telecom company Ascom and British automaker Jaguar Land Rover (JLR). These attacks have led to the theft of sensitive data, including source code, contracts, and internal documentation.
Ascom Breach Details
On March 16, Hellcat added Ascom to its leak site, claiming to have stolen 44 gigabytes of sensitive data from the company, including contracts, development tools, and source code. Ascom confirmed the attack targeted its technical ticketing system, prompting the company to immediately shut it down. The company assured the public that no customer systems or business operations were affected. Ascom’s IT cybersecurity team is still investigating the incident.
JLR Data Theft and Stolen Credentials
At the same time, Hellcat claimed to have stolen hundreds of gigabytes of data from JLR, a subsidiary of Tata Motors. The breach reportedly occurred via stolen credentials for Atlassian Jira, which were allegedly siphoned from LG Electronics employees. Hudson Rock, a cybersecurity firm, reported that these credentials, which date back to 2021, were used in the attack.
Hellcat is known for exploiting credentials stolen by infostealers, a tactic it has used in previous attacks on companies such as Schneider Electric and Telefónica. Despite the age of the stolen credentials, Hudson Rock noted that they were still valid at the time of the breach.
JLR’s Response
As of the publication of this article, JLR has not publicly confirmed the breach. SecurityWeek reached out to the company for comment but did not receive a response.
Cloak Ransomware Attacks Virginia Attorney General’s Office
In a separate incident, the Cloak ransomware group claimed responsibility for a cyberattack on the Virginia Attorney General’s Office (AGO) in February. The attack disrupted nearly all of the office’s systems and services, forcing employees to revert to paper court filings.
On March 20, Cloak added the Virginia AGO to its leak site, releasing stolen data. The group, active since late 2022, is known for using social engineering tactics and collaborating with initial access brokers. It has targeted over 65 victims, with 13 confirmed attacks.
Conclusion
The rise of ransomware groups like Hellcat and Cloak highlights growing cybersecurity threats to organizations worldwide. As cybercriminals increasingly exploit vulnerabilities, businesses and government agencies must remain vigilant in protecting sensitive data.