Cactus ransomware operation breaches LA housing authority
The Housing Authority of the City of Los Angeles (HACLA) confirmed that ransomware group Cactus has breached its IT network and was able to exfiltrate corporate data.
HACLA is one of the largest public housing authorities in the United States. It has over 32,000 housing units for low-income families and an annual revenue of approximately $1.9 billion.
A HACLA spokesperson said the organization recently suffered a cyberattack. “We’ve been affected by an attack on our IT network. As soon as we became aware of this, we hired external forensic IT specialists to help us investigate and respond appropriately,” he told BleepingComputer.
He added that the company’s systems remain operational and will keep delivering ‘important services for low-income and vulnerable people in Los Angeles’.
HACLA hasn’t confirmed when the attack was first noticed, what data was stolen or how many customers were affected.
The Cactus ransomware operation, meanwhile, has claimed responsibility for the data breach. In a message on a hacking forum on the dark web, the gang says it exfiltrated 861 GB of sensitive data, including personally identifiable information, database backups, financial documents, executives’ and employees’ personal data, customer personal information, corporate confidential data, and correspondence.
To prove its claims, Cactus uploaded an archive allegedly containing stolen files. As of yet, no ransom demands have been made.
Cactus is the name of a hacking group that’s been around since March 2023. The ransomware operation made a name for itself by using known tactics, techniques and procedures (TTPs) and custom scripts to disable security software and distribute ransomware. Since Cactus surfaced, it has added over 260 companies to its dark web data leak site.
This isn’t the first time HACLA has been hacked. In March 2023, the company revealed that the LockBit ransomware gang had access to its computer systems between January 15, 2022, and December 31, 2022.
According to HACLA’s breach notice at the time, the threat actor was able to obtain full names, social security numbers, dates of birth, passport numbers, driver’s license numbers or state identification numbers, tax identification numbers, military identification numbers, government-issued identification numbers, credit/debit card numbers, financial account numbers, health insurance information, and medical information.
When HACLA refused to pay the ransom demand, LockBit leaked all stolen files on January 27, 2023.