Austal USA has become the latest victim of the newly emerged Hunters International cybercrime gang. News of the attack first broke on the dark web site of Hunters International. The company has provided some details on their site and claims a sample file of 43 files is upcoming.
Austal USA has several contracts to build vessels for the US Navy. There will be significant concern that any data leaked by Hunters International will involve sensitive information. The leak of any information that affects those contracts will be of extreme concern. Among the programs it is involved in are US Coast Guard cutters, surveillance ships for the US Navy and modules for submarines and aircraft carriers.
In 2018, its parent company in Australia was also the subject of a ransomware and extortion attack. The company said that it wouldn’t engage with the attackers in that case and that no confidential information had been lost. It was later shown to have been caused by stolen credentials that were sold on the dark web.
This time around, the attackers are far more sophisticated. Much will depend on the information in 43 files that are due for release.
What does this mean?
Austal USA, on their website, lists the programs they are the Primes on: “Austal USA is honored to be prime contractor of several major U.S. Navy and U.S. Coast Guard shipbuilding programs: the Coast Guard’s Heritage-class Offshore Patrol Cutter (OPC) and the Navy’s TAGOS-25 ocean surveillance ship, Landing Craft Utility (LCU) vessel, Expeditionary Medical Ship (EMS), Auxiliary Floating Dry Dock Medium (AFDM), Navajo-class towing, salvage and rescue ship (T-ATS), Independence-variant Littoral Combat Ship (LCS), and the Expeditionary Fast Transport (EPF). Austal is also building modules for the Virginia- and Columbia-class submarine programs and aircraft elevators for the Ford-class aircraft carriers.”
This alleged breach should be concerning to everyone, as not only does it possibly put sensitive and classified data at risk, but it also poses a potential threat to the safety of our warfighters. Currently, the “Hunters International” attackers' .onion site lists a sample file of 43 files (87.2MB) as “Upcoming”.
While DFARS clause 252.204-7012 expects all DoD contractors to report incidents within 72 hours, there is no actual requirement or penalty, except a potential for future contracts not being awarded. This is yet another reason for pushing for the CMMC framework, its actual implementation being long overdue, as CMMC is crucial for standardizing and strengthening cybersecurity practices across the defense industrial base.
Enterprise Times: What does this mean?
This caps a bad year for Austal USA. In March, the SEC charged three executives of the company for orchestrating a fraudulent revenue recognition scheme that allowed its parent company to meet or exceed analyst expectations.
If the 43 files do, indeed, contain sensitive data, this will get extremely complex. Given the nature of the programs Austal USA is involved in, there will be a lot of bidders for the information. It will place extreme pressure on the company to pay up to prevent the information from getting into the hands of other governments.
Hunters International emerged a few months ago, around the time of the demise of the Hive ransomware. Hive was being disrupted by the FBI and law enforcement from the Netherlands and Germany. It is believed that it handed the source code and contacts to those who are now part of Hunters International.
Enterprise Times has asked Austal USA for comment. At the time of going to press, they had not responded.