The Dark Web Threat: APT73's Attack on Trifecta Technologies

Incident Date: Apr 25, 2024

Attack Overview

Victim: Trifecta Technologies, Inc.
Industry: Business Services
Location: USA
Attacker: APT73
First Reported: April 25, 2024

Ransomware Attack on Trifecta Technologies by APT73

Company Profile: Trifecta Technologies, Inc.

Trifecta Technologies, Inc., a subsidiary of the publicly traded Perficient Inc., is a custom software development and consulting firm specializing in Salesforce solutions. Founded in 1991 and based in Allentown, Pennsylvania, Trifecta employs 49 people in the U.S. and is recognized for its ethical principles, customer satisfaction, and employee development. The company holds over 250 Salesforce certifications and has helped co-create Salesforce certification exams.

Trifecta's commitment to innovation and customer success has made it a preferred partner for many high-profile clients and contributed to its reputation as a "Top Place to Work" in its community. That same client base, and the broad access to sensitive Salesforce data that consulting work requires, also make it an attractive target: compromising a Salesforce partner can expose data and credentials belonging to many client organizations at once.

Details of the Attack

APT73, a newly emerged ransomware group, has claimed responsibility for the attack on Trifecta Technologies. The group announced the breach on its dark web leak site, listing Trifecta as its first major victim. The leaked data, totaling 3.6 GB, reportedly includes Wi-Fi passwords, Salesforce credentials and security tokens, and other sensitive material such as client documents, payroll, and financial data. The Salesforce credentials and security tokens are the most immediately dangerous items on that list: a password paired with its security token allows API logins from outside an org's trusted IP ranges, so if the claim is accurate those accounts should be treated as compromised and their passwords reset, which also invalidates the associated security tokens.

The attack illustrates the exposure that comes with handling large volumes of customer data and maintaining a high public profile. The initial access vector has not been disclosed, but APT73 is reported to rely on phishing to compromise organizational systems.

APT73 Profile and Tactics

APT73 appears to operate with a modus operandi similar to that of the more established LockBit ransomware operation, targeting organizations through phishing and other deceptive means. The group's operational infrastructure is based in Prague, Czechia, and it uses a Tor-based data leak site to publicize its attacks. Despite its recent emergence, the sophistication of its attacks suggests a significant threat to organizations holding valuable data.
