Security Alert Acer confirms breach of after-sales service systems in India

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,990
Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called "an isolated attack."

"Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India," an Acer Corporate Communications spokesperson told BleepingComputer.

"The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity."

While Acer didn't provide details regarding the attackers' identity behind this incident, a threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer's servers.

The allegedly stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India.

As proof, the threat actor provided a video showcasing the stolen files and databases, the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers.
This is the second time the computer giant's systems have been breached this year after the ransomware attack claimed by REvil in March.

Acer was asked to pay $50,000,000 for a decryptor and to get back the stolen data, the largest publicly known ransom at that date (REvil broke their record in July, asking Kaseya to pay a $70 million ransom.)

When asked by BleepingComputer to confirm the March ransomware attack, Acer did not provide a clear answer, instead saying that they "reported recent abnormal situations" to relevant law enforcement agencies and data protection authorities.

To additional requests for more details, Acer replied by saying that "there is an ongoing investigation and for the sake of security, we are unable to comment on details."

Advanced Intel's Vitali Kremez told BleepingComputer that Advanced Intel's Andariel cyber intelligence platform spotted the Revil gang targeting a Microsoft Exchange server on Acer's domain before the attack.
 

LASER_oneXM

Level 37
Verified
Feb 4, 2016
2,597
The same hacker group claimed responsibility for an attack on the company's offices in Taiwan.
Acer has confirmed yet another cyberattack on its servers in Taiwan after their offices in India were hit less than a week ago by the same group.

The Desorden Group -- which claimed responsibility for both attacks -- contacted ZDNet and said part of why they conducted the second attack was to prove their point "that Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers."

Acer spokesman Steven Chung told ZDNet that the company recently detected "an isolated attack on our local after-sales service system in India and a further attack in Taiwan."

"Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data," Chung said.
 
Last edited by a moderator:

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,990
Acer hacked twice in a week by the same threat actor
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable.

Last week, threat actors known as 'Desorden' emailed journalists to say they hacked Acer India's servers and stole data, including customer information.

Acer later confirmed the breach but stated it was an "isolated attack," affecting only their after-sales service systems in India.

Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan's servers on October 15th and stole employee and product information.

They also shared images of an internal Acer Taiwan portal and CSV files containing login credentials for Acer employees.

The threat actors told BleepingComputer that they performed the attack to prove that Acer is still vulnerable.

"We did not asked for separate payment on the taiwan breach. it was meant to prove our point that Acer has neglected their cybersecurity." - Desorden.

Acer Taiwan took down the vulnerable server soon after the threat actors reported the breach to the company. However, the hacking group states that other servers in Malaysia and Indonesia are still vulnerable.

Yesterday, Acer confirmed the attack in a statement to BleepingComputer and said the Taiwan breach only involved employee data.

"We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity." - Acer.

In addition to these two breaches, Acer suffered another cyberattack in March 2021 after the REvil ransomware gang encrypted their network and demanded a $50 million ransom.

Desorden has a prior history of performing corporate breaches and leaking data if a ransom is not paid.

In September 2021, Desordern claimed to have breached ABX Express, a subsidiary of Kerry Logistics, and stolen 200 GB of data, including customers' personal information.
 
Top