Maze group, the threat actor infamous for targeting enterprises with Maze ransomware, seems to continue its attacking spree with full intensity. Now, it has targeted an aerospace maintenance service provider, that has several contracts with US government and airlines.
VT San Antonio Aerospace targeted
- Recently, it was disclosed that the Maze Ransomware gang targeted the systems of US aerospace services provider VT San Antonio Aerospace in March 2020.
- The threat actors used a compromised Administrator account, accessed via remote desktop connection, and attacked the company's domain controllers, intranet servers, and file servers on two domains.
- The group claims to have stolen 1.5 TB of unencrypted files, and a number of files and sensitive data has been posted on their leak site already.
Maze group wreaking havoc
Maze group seems to be working on a dedicated mission of targeting enterprises across the globe. Here is a quick summary of its recent activities:
- Within the first week of June, there have been disclosures from several high-profile organizations being targeted by Maze, including US military nuclear missile contractor Westech International, the global aerospace, and marine engineering group ST Engineering Group, Business Services giant Conduent, TekCollect & AmerAssist, the Smith Group, Kerr Controls and a bunch of other leaks including Bossini, Faxon Machining, GCL System, Critical Control Energy Services, Seats Inc, and Grupo Cocenzo.
- In May 2020, Maze was in news for its attacks and leaks related to BCR Bank, Pitney Bowes, Sparboe Companies, Mercury Insurance Group, Universal Windows & Door, Optimara, Andrew Cross & Co, etc.
- In April 2020, Maze created a huge buzz when it targeted the IT service giant, Cognizant.
To avoid threats like Maze, organizations must keep their operating systems and application software updated, avoid clicking on pop-up ads, opening unsolicited email attachments, and downloading cracked software from unoffocial sources.