Cyber security analysts have reported that a series of recent ransomware assaults linked to dark web hackers were carried out by the new extortion group “Donut Leaks”.
The most recent victims include Sando, an international construction company registered in the United Kingdom. Reportedly, other victims are the UK architectural firm Sheppard Robson and the Greek natural gas utility DESFA.
In their analysis, the security analysts reported that the latest malicious hacking attacks in 2022 are all linked to a new extortion gang dubbed with the crude moniker ‘Donut Leaks’.
So far, only the Greek natural gas utility DESFA has reported that it was recently hacked. But this disclosure came after the Ragnar Locker hackers released screenshots of the company’s stolen data.
Donut Leaks’ Victims
However, while the hackers may have targeted far more companies, the documented hacking attacks revealed only two victims, with no further information about the criminal hackers.
Another victim of the Donut Leaks cyber attacks, Sheppard Robson, also revealed that its private database network was hijacked in a ransomware attack. The company additionally reported an extortion attempt made earlier in the month, and has withheld information about who may be involved in breaching its computer network.
Meanwhile, the Hive Ransomware hacking group has claimed responsibility for the cyber attack on the Sando company, which happened in July. However, these hackers could only showcase a very small bundle of files as ‘evidence’ to prove that they have successfully carried out the hacking attack on the Sando website. But strangely, the compromised information for both victims has only surfaced after a previously unreported data leak.
Then, suddenly, the Donut Leaks’ hackers admitted to the recent cyber hacks, but the data breach website used by this group of hackers was previously linked to an unidentified extortion organization. Furthermore, the Donut Leaks’ hackers divulged a more extensive amount of stolen data than the other ransomware sites, which suggested that this new group of hackers is responsible for these latest reported ransomware attacks.
About Donut Leaks
According to information gathered by BleepingComputer, ‘Donut Leaks’ was recently discovered by cyber security analysts. These threat actors’ method is to infiltrate businesses’ private networks and steal privileged data. After they have collected the stolen data, they contact each victim’s business partners, and even employees, and direct them to the URLs of their Tor extortion sites.
On the Tor websites, the hackers include a blog with defamatory information and a data repository where users can browse and download all of the stolen data they have released. So far, postings for five victims are found in the defamatory blog.
Donut Leaks, one of the most aggressive groups of threat actors of 2022, employs the most devastating tactics in its defaming blog entries. It’s reported that for a particular business, the Donut Leaks’ hackers have released some stolen Christmas party images, and a protracted negative tirade that was recorded against the company.