The hackers have stolen information from the sportswear manufacturer Puma and are currently trying to extort money from the German company into paying a ransom demand, threatening to release the stolen files on a dark web portal specializing in the leakage and sale of stolen information.
The entry announcing the Puma data was added to the site more than two weeks ago, in late August, The Record learned.
“It was a PUMA source code for an internal application, which was leaked,” Robert-Jan Bartunek, Puma’s head of corporate communications, told The Record last week.
“No consumer or employee data was affected,” added Bartunek.
Hackers claim to be in possession of more than 1GB of Puma data.
To test their claims, the threat actors leaked some sample files that, based on their structure, suggest that the attackers might have obtained Puma’s data from a Git source code repository.
The data is currently listed on a dark web portal called Marketo. Launched in April of this year, the site works in a simplistic way.
At first, the site administrators list the next victims and then add some kind of proof (usually a small downloadable file) that they violated their network.
If the victim company does not cooperate with the hackers, their data is leaked on the site, either as a free download or for exclusive VIP members.
The site claims to list the data provided by multiple hacking groups and that it does not work with ransomware gangs.
“At this point, I can say that Puma has not yet contacted us,” the administrator of the dark web leak portal told The Record in a conversation last week.
“The rest of the data will be released if Puma declines the negotiations,” they added.
Other names currently listed on the site include names like Siemens Gamesa, Kawasaki, Fujitsu, and more than 20 others. In a statement to ZDNet’s Jonathan Greig, Fujitsu said last week that the data listed on Marketo was not connected to a cyberattack on its network, suggesting that it may have been obtained from a third party.
Author: Catalin Cimpanu