BT Group confirms attackers tried to break into Conferencing division

Sensitive data allegedly stolen from US subsidiary following Black Basta post


BT Group confirmed it is dealing with an attempted attack on one of its legacy business units after the Black Basta ransomware group claimed they broke in.

Black Basta posted "BT Group" on its data leak site on Wednesday, although it wouldn't be the first time these types of crooks have overhyped an attack. In the small print, and confirmed to The Register in a company statement, the attack actually targeted a smaller business unit of the British telco, BT Conferencing, which is headquartered in Braintree, Massachusetts.

"We identified an attempt to compromise our BT Conferencing platform," a spokesperson said. "This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated.

"The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected. We're continuing to actively investigate all aspects of this incident, and we're working with the relevant regulatory and law enforcement bodies as part of our response."

Black Basta claims to have stolen circa 500 GB worth of the unit's files relating to finance, NDAs, users, and more. A small sample of allegedly stolen data plastered to its website also includes scans of identity documents, visa-related documents, and employee bonus details, although it all appears to be old data going back to the previous decade.

The ransomware group is among the most prolific in operation. Last year, blockchain boffins suggested Black Basta had accrued at least $100 million in revenue since spinning up in April 2022.

Since then, the group has received ongoing attention from authorities such as CISA, which updated its advisory earlier this year with the gang's methods. CISA estimates that more than 500 organizations have been targeted since the group's inception, including those operating critical infrastructure and healthcare services.

Examples of these attacks include those on UK regional water supplier Southern Water and American faith-based healthcare giant Ascension.

Other major hits also include outsourcing outfit Capita and the Toronto Public Library. ®
