The Croatian drone goggles manufacturer Orqa suffered a time-bomb ransomware attack that caused its FPV products to malfunction. The attack resulted from a recent conflict of interest with one of its previous contractors, which was responsible for creating the firmware code.
Early last month, the company received reports from multiple countries that its FPV[.] version one goggles had stopped operating normally. The malfunction forced the devices into bootloader mode.
The company initially thought a bug in the firmware's date and time feature caused the issue, but it later revealed that the incident resulted from a time-bomb ransomware attack orchestrated by its former contractor.
Orqa claimed that the contractor planned the incident and planted the malicious code in the bootloader of its drone goggles in order to extort the company in exchange for an additional license. The contractor had been with Orqa for numerous years and waited for the code bomb to detonate. The plan led to the compromise of the FPV[.] V1 goggles at the pre-set time.
The alleged culprit of the attack is a company called Swarg, which is located in the same country. In addition, the physical address of the attacking firm is the same as that of the affected company, implying that both organisations are within the same business park.
Next, the contractor posted an unauthorised binary file, presented as an update for the device malfunction. The contractor demanded an additional license renewal payment for the fix. The attacker claimed the copyright of the firmware code and said it had implemented a time-limited license. The company added that users should renew their rights to recover the drone's standard operation.
Orqa then issued a warning urging users not to install the unofficial firmware version, since it could be another piece of malicious code.
Cybersecurity experts suggest organisations should pay close attention to communication patterns with their affiliates to identify problems and avoid such incidents. Furthermore, it is advisable to use simple encryption software solutions to safeguard sensitive data and to implement intrusion detection to prevent such campaigns.