Exclusive: Top Australian mechanic Ultra Tune suffers suspected cyberattack
Malicious actors have listed major Australian mechanics and roadside assistance franchise Ultra Tune on the dark web, claiming to have stolen sensitive data.
On October 18, the threat group Fog listed Ultra Tune on its dark web leak site, claiming to have exfiltrated three gigabytes of data from the company’s systems.
The company said it needed human resources, personal employee data, customer contact data and “databases containing numerous [sic] internal company information.
This data would include driving licenses, passports, medical certificates, etc.
Other than that, Fog provided little to no information about the incident. Additionally, the nature of the incident is unknown, with no deadline or ransom publicly set for registration, suggesting it may not be a case of ransomware.
Cyber Daily has contacted Ultra Tune for a statement on the incident.
The Fog ransomware group is a young threat actor, first identified on May 2, 2024 by Arctic Wolf researchers.
The group shares tactics and similarities with other threat groups, but Cyber Centaurs researchers suggest its attacks prioritize “speed and effectiveness over the more complex, multi-stage attacks seen in other contemporary ransomware operations.”
The Cyber Centaurs report also suggests that the group does not operate a leak site or resort to data exfiltration to speed up its operations. However, the Ultra Tune breach shows that the group launched a leak site, all of which dates back to October 2024.
Alongside Ultra Tune, the group listed only two other organizations: Cordogan Clark and Associates and Fromm Beauty.
Cyber Daily will continue to provide updates on this developing story as it develops.