Exclusive: Kiwi telecoms company Compass Communications confirms ransomware attack
The RA World ransomware gang lists a New Zealand company as a victim and claims to have stolen 250 gigabytes of internal and customer data.
Ransomware gang RA World has listed Auckland-based telecommunications company Compass Communications as a victim on its darknet leak site, claiming to have stolen 250 gigabytes in the attack.
Compass Communications was listed overnight. According to the leaked message, the stolen data includes financial data, customer information, human resources data, and details of the company’s current projects.
No ransom amount was given, but the ransom deadline is January 1, 2025.
RA World also published a 26.9MB archive of sample data as evidence of the hack. This includes service contracts, financial statements and customer banking details.
Compass Communications confirmed the incident to Cyber Daily.
“Last week, our security monitoring detected unauthorized access to our system,” a Compass spokesperson told Cyber Daily.
“We took immediate action, engaging external security specialists and notifying the relevant government authorities, including the Privacy Commissioner.
“Our response continues and we are working hard to understand the full extent of the incident. Our initial investigation indicates that some customer information may have been accessed. Where we identify that customer information has been affected, we will contact those customers directly to manage any potential risks and provide appropriate support.
“As malicious cyber actors may monitor online media and comments to continue their activities, we will not comment further on the nature of the incident or the organizations assisting us at this time.
“We remain committed to the transparency and security of our customers’ data as we continue our investigation.”
RA World, which previously operated as RA Group, has been operational since at least April 2023, initially targeting organizations in the United States and South Korea.
According to security researchers at Cisco’s Talos Group, RA World uses a customized version of the Babuk ransomware, which encrypts a victim’s data while leaving enough functionality on the device for the victim to download and use the qTox messaging application to contact the threat actor.
RA World gains its initial access through misconfigured, internet-connected devices, and once inside a system, the group attempts to steal other credentials and move laterally across the network.
Researchers at Palo Alto Networks’ Unit 42 have identified a possible link between RA World and a Chinese threat actor known as Bronze Starlight, which itself was first observed in mid-2021.
Compass Communications provides broadband and mobile services to businesses and individuals and employs more than 100 people.
“We are an independent, 100% Kiwi-owned provider of internet and telecommunications services, established in 1995,” the company says on its website. “This makes our brand one of the oldest players in today’s telecommunications market.”