"'Justice Blade' Hackers Are Targeting Saudi Arabia"

The 'Justice Blade' threat actor group published leaked data from Smart Link BPO Solutions, an outsourcing Information Technology (IT) vendor that works with major enterprises and government agencies in Saudi Arabia and other Gulf Cooperation Council (GCC) countries. The malicious actors claim to have stolen a large amount of data, including Customer Relationship Management (CRM) records, personal information, emails, contracts, and account credentials. Justice Blade also set up a Telegram account with a private communication channel. Based on the attackers' screenshots and video, the incident could have occurred as a result of a targeted network intrusion impacting Active Directory (AD) as well as internal applications and services. They also released screenshots of active Remote Desktop Protocol (RDP) sessions and Office 365 communications between various companies in the region, along with several lists of users containing over 100,000 records likely related to FlyNas (an airline company) and SAMACares (an initiative managed by the Saudi Arabia Central Bank). According to Resecurity, Inc., which protects major Fortune 500 companies, the data breach could be one of the region's first significant supply chain cybersecurity incidents due to an overlap between an enterprise and the government sector. Threat actors could use the stolen data to target other companies and individuals of interest. Multiple leaked credentials belonging to Smart Link BPO Solutions have previously been identified on the dark web and in various underground marketplaces on the Tor network, and the Justice Blade group could have used them to conduct successful cyberattacks. The information currently available shows that the announcement of the attack began with the defacement of a corporate website around November 2 and progressed as a "hack-and-leak" operation.
Before that, on October 30, the victim company presumably detected activity from the Metasploit Framework, which the bad actors deployed post-compromise. According to leaked company communications, the compromised account of an employee was most likely used to carry out the attack. There is no evidence that the attack was financially motivated, since no ransom demands have been registered. This article continues to discuss the Justice Blade group publishing leaked data from Smart Link BPO Solutions.

Security Affairs reports "'Justice Blade' Hackers Are Targeting Saudi Arabia"

Submitted by Anonymous on