Our threat researchers at iZOOlogic have recently discovered an alleged cyberattack on a Singaporean construction company, Expand Group. The incident was spotted during our research team’s routine dark web monitoring, when the prolific Hive ransomware gang added the construction company to its list of victims.
Expand Construction Pte Ltd, or the Expand Group, is a leading home-grown, Singapore-based construction group established in July 2000. The company acts as the main contractor on residential, industrial, and special niche building projects, boasting notable and iconic construction projects for its clients and a whopping $13 million in revenue.
The Hive ransomware gang has allegedly stolen various corporate data from Expand Group.
Based on our team’s analysis, the Hive ransomware gang shared on their dark web platform some samples of the files allegedly stolen from Expand Group’s hacked systems. Additionally, the ransomware group’s post indicated that they encrypted the construction firm’s systems on November 27 at 5 PM, although they only disclosed the attack on December 14.
Furthermore, our team also found details about which data was stolen from the victimised company. The data includes construction project plans, contract folders, finance and accounting folders, and company track records. Many HR documents have also been stolen from Expand Group, including its lists of employees, staff, and trainees, which are believed to contain more sensitive details about individuals that threat actors could abuse.
The affected company has not yet released a statement. Our team will share more details about this incident once updates are available.
CISA recently shared an advisory detailing the Hive ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). The cybersecurity agency stated that as of November 2022, the threat group had already targeted about 1,300 organisations worldwide, collectively gaining over $100 million in ransom payments.
Notable sectors victimised by the ransomware group include healthcare institutions, retailers, NGOs, and energy providers. Its attack on the construction firm Expand Group therefore implies that the gang is flexible about the sectors it targets as long as it can gain ransom profit from them.