Threat actors who call themselves “Justice Blade” have posted data leaked from outsourced IT vendors.
A group of threat actors who call themselves ‘Justice Blade’ have published data leaked from Smart Link BPO Solutions, an outsourced IT vendor that works with major corporations and government agencies in the Kingdom of Saudi Arabia and other countries within the GCC.
Malicious actors claim to have stolen significant amounts of data, including CRM records, personal information, email communications, contracts, and account credentials.
On the same day, Justice Blade also created a Telegram account with a personal communication channel. In screenshots and videos leaked by attackers, the incident may have occurred as a result of a targeted network breach affecting Active Directory and internal applications and services.
The malicious user also allegedly involved FlyNas (an airline company) and SAMACares (an initiative managed by the Central Bank of Saudi Arabia) with more than 100,000 records and screenshots of active RDP sessions and Office 365 communications between multiple companies in the region. We have published several user lists. .
According to Resecurity, Inc. (USA), to protect a major Fortune 500 company, a data breach could be one of the first significant supply chain cybersecurity incidents in the region due to duplication between the corporate and government sectors. Threat actors can use the stolen data to target other interested companies and individuals.
Security experts noted that multiple leaked credentials belonging to the Smart Link BPO solution have previously been identified in various underground markets on the Dark Web and TOR networks, and that the “Justice Blade” can be leveraged to conduct successful cyberattacks. According to currently available data, the announcement of the attack began around November 2nd with the compromise of the company’s website and proceeded as a ‘hack-and-leak’ operation. Prior to that, on October 30, the activity of the Metasploit Framework was presumed to have been detected by the victim company, which was then distributed by malicious actors after the breach.
Leaked communications between company employees suggest that the compromised employee’s account may have been used in the attack.
In particular, there is no evidence that the attack could be financially motivated, as no ransom claims have been registered yet. “Justice Blade” appears to be an ideologically motivated group targeting Saudi Arabia by posting pictures of government officials on websites for data breach posting.
Smart Link BPO Solutions is a division of Al Khaleej Education and Education Group. In 2012, AL Khaleej Group was named one of the 100 Most Powerful Companies in the GCC Region by Forbes Middle East 2012.
It is not yet clear whether the incident has anything to do with escalating tensions between Iran and Saudi Arabia. As the Associated Press reported, recently Saudi Arabia shared intelligence With US officials suggesting that Iran could prepare for an impending attack on Saudi Arabia.
According to several sources, law enforcement and federal regulators are investigating the case to ascertain the full scope and eventual impact of the breach.
Follow me on Twitter: @securityaffairs and Facebook
(security work – Hacking, Justice Blade)
share