Austal USA, a contractor for the U.S. Navy, verifies a cyberattack following a data leak
Austal USA, a leading shipbuilding company contracted by the U.S. Department of Defense and the Department of Homeland Security, has officially reported a cyberattack and is presently conducting a thorough assessment of the ensuing impact.
Recognized for its expertise in constructing high-performance aluminum vessels, Austal American subsidiary is currently working on diverse programs, most notably the production of Independence-class littoral combat ships for the U.S. Navy, each with a substantial value of $360 million.
Hunters International Claims Responsibility
The company’s disclosure follows a claim by the Hunters International ransomware and data extortion group, asserting successful penetration of Austal USA’s systems and substantiating their claim by revealing specific information.
In response to inquiries, a spokesperson for Austal USA confirmed the cyberattack to BleepingComputer and emphasized the swift and decisive measures taken by the organization to mitigate the incident:
“Austal USA recently discovered a data incident. We were able to quickly mitigate the incident resulting in no impact on operations.
Regulatory authorities, including the Federal Bureau of Investigation (FBI) and Naval Criminal Investigative Service (NCIS) were promptly informed and remain involved in investigating the cause of the situation and the extent of information that was accessed.
No personal or classified information was accessed or taken by the threat actor. We are working closely with the appropriate authorities and will continue to inform any stakeholders impacted by the incident as we learn new information.
Austal USA recognizes the seriousness of this event and the special responsibility we have as a DoD and DHS contractor. Our assessment is on-going as we seek to fully understand this incident so that we can prevent a similar occurrence.”
Hunters International, identified as a ransomware-as-a-service (RaaS) entity and potentially a reiteration of the Hive ransomware gang, denied these allegations.
Despite acknowledging a shared codebase with Hive, the group maintains its independence, having acquired the encryptor source code following Hive’s dissolution.
Notably, the group emphasizes that their primary objective is not encryption but rather the exfiltration of sensitive data.
Hunters International’s Intent to Release More Data From Austal USA
The severity of the situation is further highlighted by Hunters International’s ominous declaration of intent to disclose additional purloined data, including compliance records, recruitment details, financial documents, certifications, and proprietary engineering data.
Austal USA, in its official statement, refrained from disclosing whether the threat actors successfully accessed confidential data related to engineering schematics or other proprietary U.S. Navy technologies.
This cyber incident aligns Austal USA with an expanding list of entities ensnared by the maneuvers of this emerging threat actor.
The gang’s data leak site currently lists a significant number of victims across diverse sectors and global regions, underscoring the widespread nature of their operations.