APT73 Strikes: Ransomware Attack on ServicePower

Incident Date: May 02, 2024

Attack Overview

VICTIM: ServicePower
INDUSTRY: Software
LOCATION: USA
ATTACKER: APT73
FIRST REPORTED: May 2, 2024

Ransomware Attack on ServicePower by APT73

Company Profile

ServicePower Technologies PLC, headquartered in McLean, Virginia, is a prominent vendor of field service management software. As of 2024, the company employs 158 people and reported annual revenue of $18 million. Its platform schedules and manages both employed and contracted workforces, enabling on-demand field service across dispersed and hard-to-reach locations in North America and Europe.

The platform serves a wide range of industries, including insurance, energy, retail, electronics, and building technology, which makes it an operational dependency for customers in those sectors.

Details of the Attack

APT73, a recently emerged ransomware group, has claimed responsibility for the attack on ServicePower. The attack involved deploying ransomware and exfiltrating approximately 0.328 gigabytes of data, consisting primarily of user credentials and other sensitive information. The ransom demand has not been disclosed, but some of the stolen data has already been published on APT73's dark web leak site, ERALEIGNEWS.

APT73: An Emerging Cyber Threat

APT73 has shown a pattern of targeting organizations through sophisticated phishing campaigns to gain initial access and then deploying ransomware. The group operates a Tor-based data leak site, and its operational tactics resemble those of LockBit. Despite its recent emergence, APT73 has quickly demonstrated the ability to carry out significant breaches, as the ServicePower attack shows.

The group's infrastructure is hosted by M247 Europe SRL in Prague, Czechia, on AS9009, an autonomous system associated with various malicious activities. This indicates a degree of maturity in its operational infrastructure despite its recent appearance in the threat landscape.

Vulnerabilities and Targeting

ServicePower's reliance on digital platforms that handle large volumes of sensitive data likely made it an attractive target for APT73. The nature of the stolen data suggests that the attackers could have exploited weaknesses in the company's security controls, most plausibly through phishing or unpatched vulnerabilities.
