The Dark Web Threat: APT73's Attack on Trifecta Technologies
Ransomware Attack on Trifecta Technologies by APT73
Company Profile: Trifecta Technologies, Inc.
Trifecta Technologies, Inc., a subsidiary of the publicly traded company Perficient Inc., is a custom software development and consulting firm specializing in Salesforce solutions. Founded in 1991 and based in Allentown, Pennsylvania, Trifecta employs 49 individuals in the U.S. and is recognized for its ethical principles, customer satisfaction, and employee development. The company boasts over 250 Salesforce certifications and has been involved in co-creating Salesforce certification exams.
Trifecta's commitment to innovation and customer success has made it a preferred partner for many high-profile clients, contributing to its reputation as a "Top Place to Work" in its community. However, its high-profile client base and extensive access to sensitive Salesforce data may also increase its attractiveness as a target for cyber-attacks.
Details of the Attack
APT73, a newly emerged ransomware group, has claimed responsibility for the attack on Trifecta Technologies. The group announced the breach on their dark web leak site, listing Trifecta as their first major victim. The leaked data reportedly includes WiFi passwords, Salesforce credentials, security tokens, and other sensitive information such as client documents, payroll, and financial data, totaling 3.6 GB.
The attack underscores the vulnerabilities associated with handling extensive customer data and maintaining a high digital profile. The specific vector for the attack has not been disclosed, but APT73 is known for using phishing tactics to compromise organizational systems.
APT73 Profile and Tactics
APT73 appears to operate with a modus operandi similar to that of the more established LockBit ransomware variant, with a focus on targeting organizations through phishing and other deceptive measures. Their operational infrastructure is based in Prague, Czechia, and they utilize a TOR-based data leak site for publicizing their attacks. Despite their recent emergence, the sophistication of their attacks suggests a significant threat level to organizations with valuable data.