An information technology company that supports U.S. defense and intelligence apparently was victimized by a ransomware attack.
BlackCat, a ransomware outfit also known by the names ALPHV and Noberus, alerted IT company NJVC about the breach.
"We strongly recommend that you contact us to discuss your situation," BlackCat told NJVC, according to a DarkFeed tweet early Thursday morning. "Otherwise, the confidential data in our possession will be released in stages every 12 hours.
"There is a lot of material. We look forward to your feedback. It's in your best interest."
NJVC, an IT company that supports the federal government and the Department of Defense, earns $290 million in revenue from the U.S., according to DarkFeed.
The Hacker News reported Monday that BlackCat ransomware members were spotted fine-tuning their malware arsenal to "fly under the radar and expand their reach."
Cybersecurity researchers at Cyderes and Stairwell reported last week that BlackCat was testing "data destruction" attacks – servers being completely corrupted and data being unretrievable if extortion demands aren't met.
BlackCat has been known to run a ransomware-as-a-service operation, which involves its core developers enlisting the help of affiliates to carry out the attacks in exchange for a cut of the illicit proceeds, The Hacker News reported.
ZDNet reported that BlackCat is believed to be a rebrand of BlackMatter, which in turn was a rebrand of DarkSide, the ransomware operation behind the Colonial Pipeline attack.
Colonial Pipeline, the largest U.S. oil products pipeline and source of nearly half the supply on the East Coast, was shut for several days in May 2021 after a ransomware attack the FBI attributed to DarkSide.
In July, National Security Agency Director Gen. Paul Nakasone said he was worried about election security before the November midterms, telling Bloomberg that "we are going to be full-bore against foreign interference and influence in our elections."
A group of Russian-based hackers, referred to as Calisto and Coldriver, launched phishing attacks on computer networks belonging to NATO, U.S.-based think tanks, and a Ukraine-based defense contractor, according to a new report from Google's Threat Analysis Group.