APT73 Strikes: Ransomware Attack on ServicePower
Company Profile
ServicePower Technologies PLC, headquartered in McLean, Virginia, is a prominent player in the field service management software sector. As of 2024, the company employs 158 individuals and reported annual revenues of $18 million. ServicePower is distinguished by its innovative platform that adeptly manages both employed and contracted workforces, facilitating on-demand field service across diverse and challenging locations in North America and Europe.
The company's robust platform supports a wide array of industries including insurance, energy, retail, electronics, and building technology, making it a critical component in the operational efficiency of these sectors.
Details of the Attack
APT73, a nascent ransomware group, has claimed responsibility for the cyberattack on ServicePower. The attack involved the deployment of ransomware and led to the exfiltration of approximately 0.328 gigabytes of data. This data primarily consisted of user credentials and miscellaneous sensitive information. While the specifics of the ransom demand have not been disclosed, the breach has resulted in the leakage of some of this data on APT73's dark web leak site, ERALEIGNEWS.
APT73: An Emerging Cyber Threat
APT73 has shown a pattern of targeting organizations through sophisticated phishing schemes, aiming to compromise systems and deploy ransomware. The group operates a TOR-based data leak site and is known for its LockBit-style operational tactics. Despite its recent emergence, APT73 has quickly demonstrated its capability to execute significant breaches, as evidenced by the attack on ServicePower.
The group's infrastructure is hosted by M247 Europe SRL in Prague, Czechia, and utilizes AS9009, which is associated with various malicious activities. This suggests a level of sophistication in their operational infrastructure, despite their relatively new presence in the cyber threat landscape.
Vulnerabilities and Targeting
ServicePower's significant reliance on digital platforms to manage vast amounts of sensitive data likely made it an attractive target for APT73. The nature of the stolen data suggests that the attackers could have exploited weaknesses in the company’s cybersecurity measures, possibly through phishing attacks or unpatched vulnerabilities.