8Base attacks Speedy
The 8Base Cybercrime Group Compromises Speedy in France
Background
The 8Base cybercrime group has reportedly compromised Speedy in France. The group exfiltrated various sensitive documents and personal data from the company.
About Speedy
Speedy is a French company that specializes in retailing tires, batteries, filters, mechanical equipment, and accessories such as windshield wipers, number plates, and spark plugs. They also offer maintenance packages, repair services, and an online shopping website for customers.
8Base Cybercrime Group
The 8Base ransomware gang emerged in March 2022 and has become one of the most active groups today. It targets organizations in the business services, manufacturing, and construction sectors. The group is believed to be connected to experienced RaaS operators like RansomHouse.
Modus Operandi
8Base exfiltrates data for double extortion and uses advanced security evasion techniques. The group has been known to modify Windows Defender Firewall in order to bypass it. It primarily uses a customized version of Phobos together with SmokeLoader, and it wipes Volume Shadow Copies (VSS) so that victims cannot roll back the encryption.
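The firewall tampering and shadow-copy wiping described above can be hunted in process-creation logs. The following Python code is an added example, not from Halcyon or the original page: the command-line patterns are commonly documented ways these actions are carried out on Windows (the page lists no specific commands), and the hosts, timestamps and events are constructed.

```python
import re
from collections import defaultdict

# Assumed patterns: standard Windows utilities for the two behaviours named above.
RULES = {
    "vss_delete": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "firewall_tamper": [
        re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\bstate\s+off\b", re.I),
        re.compile(r"\bnetsh(\.exe)?\b.*\bfirewall\b.*\bopmode\b.*\bdisable\b", re.I),
    ],
}

def classify(cmdline):
    """Return the set of behaviour names whose patterns match a command line."""
    return {name for name, pats in RULES.items()
            if any(p.search(cmdline) for p in pats)}

def correlate(events, window_s=600):
    """Alert per host; 'critical' when both behaviours occur within window_s seconds."""
    hits = defaultdict(list)  # host -> [(timestamp, behaviour)]
    for ev in events:
        for behaviour in classify(ev["cmdline"]):
            hits[ev["host"]].append((ev["ts"], behaviour))
    alerts = {}
    for host, seen in hits.items():
        vss = [t for t, b in seen if b == "vss_delete"]
        fw = [t for t, b in seen if b == "firewall_tamper"]
        paired = any(abs(v - f) <= window_s for v in vss for f in fw)
        alerts[host] = {"behaviours": sorted({b for _, b in seen}),
                        "severity": "critical" if paired else "high"}
    return alerts

# Constructed sample events (epoch seconds, hypothetical hosts), not from the page.
SAMPLE = [
    {"host": "ws-01", "ts": 1000, "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-01", "ts": 1030, "cmdline": "netsh advfirewall set currentprofile state off"},
    {"host": "ws-02", "ts": 1100, "cmdline": "vssadmin list shadows"},  # benign query
    {"host": "ws-03", "ts": 1200, "cmdline": "wmic shadowcopy delete"},
    {"host": "ws-04", "ts": 1300, "cmdline": "netsh advfirewall show allprofiles"},  # benign
]

if __name__ == "__main__":
    for host, alert in sorted(correlate(SAMPLE).items()):
        print(host, alert)
```

Pairing the two behaviours on one host within a short window cuts down on noise from backup tools and administrators, who may legitimately run either command alone.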
Targets and Tactics
8Base focuses on Windows targets, mainly organizations in the Business Services, Manufacturing, Financial, and Information Technology sectors. The group does not appear to have a RaaS program and instead chooses victims opportunistically. It uses a "name and shame" tactic via its leaks site to compel payment of ransom demands.
Disclaimer
The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources. By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.