HQ/EMEAFind out how we can help your business
A Swiss organisation dubbed Ascom disclosed that it suffered a cyberattack after the HellCat hacking group claimed it targeted its Jira servers.
The entity confirmed that its IT infrastructure was compromised after the attackers exploited its servers using suspected hijacked credentials. The company said in a press release that the threat actors broke into its technical ticketing system on Sunday and are actively investigating the situation.
This affected entity is a telecommunications firm with 18 branches in various countries specialising in wireless on-site communications.
The HellCat gang claimed responsibility for the Ascom cyberattack.
The HellCat hacking group claimed credit for the Ascom hack and said they obtained about 44GB of data, which might affect all of the company’s divisions.
On the other hand, the company said that the hackers hacked into its technical ticketing system. Hence, the incident did not influence the company’s commercial activities, and customers and partners do not necessarily need to take any preventive measures.
However, a HellCat member claimed they took source code for many products, project data, invoices, confidential papers, and ticketing systems that might impact Ascom. Still, the Swiss company did not offer technical information regarding the incident, although HellCat hackers frequently target the Jira ticketing system.
Jira is a project management and problem-tracking app widely used by software developers and IT teams to track and manage projects. The platform frequently contains sensitive data, such as source code, authentication keys, IT plans, client data, and project-related internal discussions.
Previous cases claimed by HellCat and confirmed by the targeted firms include Schneider Electric, Telefónica, and Orange Group. The gang breached these companies via Jira servers.
Experts warn the public that Jira has become a main target for malicious actors due to its centrality in organisational workflows and the volume of data it contains. This type of access can be used to move laterally, increase privileges, and extract sensitive data.
Credentials obtained by infostealers are easy to find, and some of them remain intact for years because firms neglect to include them in a regular rotation procedure. Hence, such attacks are likely to grow more common.
Companies that employ Jira software should be wary of the group’s activities as of now, as the hacking group is actively exploiting the application.
