New ransomware gang claims Blue Yonder cyberattack
Malicious actors have finally claimed responsibility for the Blue Yonder cyberattack that occurred last month.
Discovered on November 21, the supply chain attack affected several large organizations, including Starbucks, Morrisons and Sainsbury’s.
In an update released on December 1, Blue Yonder said its recovery process had begun and customers were restoring their systems.
However, until now, no threat actor had claimed responsibility for the incident. The Termite ransomware gang has now listed Blue Yonder on its Dark Web leak site.
“Our team obtained 680 GB of data such as database dumps, mailing lists for future attacks (over 16,000), documents (over 200,000), reports, insurance documents,” the threat group said.
“Check for updates. Data links will be available soon.”
Blue Yonder also acknowledged that threat actors had claimed to have stolen data, adding that it had notified affected customers and was working with experts to address these claims.
“After the recent ransomware attack, Blue Yonder worked with external cybersecurity companies and strengthened our defensive and forensic protocols. We have notified customers who were impacted by operational disruptions and worked with them throughout the restoration process,” the company said in its latest update.
“We are aware that an unauthorized third party is claiming to have extracted certain information from our systems. We work diligently with external cybersecurity experts to respond to these claims. The investigation is still ongoing.”
Termite ransomware is a recently observed operation, first identified in November 2024.
The group has only a handful of victims on its site, with Blue Yonder being the most recent listing. Other victims include Nifast and Oman Oil.
Because it emerged so recently, little is known about the group; however, it has been identified as engaging in double extortion, blackmail and outright extortion techniques, and as disclosing data gratuitously.