Ransomware Attack on Lantronix Inc. by Hunters International Exposes 587.6 GB of Data
Ransomware Attack on Lantronix Inc. by Hunters International
Overview of Lantronix Inc.
Lantronix Inc. is a prominent American company headquartered in Irvine, California, specializing in industrial and enterprise Internet of Things (IoT) solutions. The company offers a comprehensive range of products and services, including device management, network switches, telematic gateways, IoT gateways, media converters, serial-to-ethernet device servers, and compute system-on-modules (SOM) and development kits. Lantronix serves various markets such as healthcare, energy, government, and transportation, and has an install base of over 60 million devices globally. The company employs approximately 357 people and reported a revenue of $33.3 million for the fiscal year ending June 30, 2023.
Details of the Ransomware Attack
Lantronix Inc. recently fell victim to a ransomware attack orchestrated by the Hunters International ransomware group. The attack resulted in the exfiltration of 587.6 GB of data, encompassing 906,225 files. The compromised data includes sensitive employee medical and background check records, a penetration test report, encryption DLL practices, patent applications, private accounting information, and data pertaining to the Chief Financial Officer (CFO). This breach highlights significant vulnerabilities within Lantronix's cybersecurity framework.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia. Investigations have revealed potential ties to Nigeria, although the group uses fake identities to conceal their true origins.
Penetration and Impact
The exact method of penetration used by Hunters International to infiltrate Lantronix's systems remains unclear. However, given the group's technical sophistication and the significant overlap with Hive ransomware, it is likely that they employed advanced tactics such as phishing, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack has resulted in significant data breaches, financial losses, and reputational damage to Lantronix, underscoring the critical need for enhanced cybersecurity measures within the organization.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!