Hackers Attacking JBS Stole Data from Branches in Australia and Brazil

Written by Emma Davis

The REvil (Sodinokibi) group, the hackers who attacked the world’s largest meat producer JBS in May this year, had been stealing data from the food giant’s branches in Australia and Brazil for several months.

According to experts from SecurityScorecard, the “reconnaissance” phase of the cyberattack began in February this year. The research refers to multiple public and private sources of information, dark web observations, and research tools such as NetFlow, which monitors digital traffic flows.

A spokesman for JBS USA challenged the experts’ findings and said they did not agree with the results of the preliminary investigation conducted by outside experts.

“We found no evidence of the theft of company data or that the Brazilian subsidiary was affected by the attack. The investigation is ongoing,” explained a representative of Nikki Richardson.

The researchers said they began collecting location data for JBS in Australia in March. Experts uncovered the credentials of employees of the company’s Australian branch on the darknet right before the start of the hack.

During its investigation, SecurityScorecard discovered TeamViewer traffic directed to an IP address in India. This could mean that the attacker installed TeamViewer in the JBS Australia network environment. This activity occurred in the same time period as the data theft. The connection could have been used to maintain access to the environment. Since TeamViewer supports file transfer, some data could also have been stolen this way.

SecurityScorecard also found evidence of data theft from JBS in Brazil in April and May this year, but it is not known how and where the hackers broke into the São Paulo food company.

“As with other ransomware operations, attackers are likely interested in stealing data and possibly publishing it on the darknet if the victim doesn’t pay. Typically, hackers steal data before encrypting files and then use it to demand a ransom,” the researchers explained.

Using global analytics, including NetFlow, they identified multiple data transfers from the JBS environment since March 2021.

For example, over 45 GB of data was transferred to the file sharing site Mega between March 1 and May 30, 2021. In addition, the data transfer was split into a dozen smaller transactions over a three-month period. Between March 1 and May 29, 2021, a total of 5 TB of data was transferred to Hong Kong.
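An added example (not from SecurityScorecard's report or the original article) of why transfers split into smaller transactions call for cumulative analysis of flow data: a per-flow size threshold misses a dozen modest uploads, while a per-destination total over a long window catches them. The flow records, addresses and thresholds below are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

GB = 10**9

# Constructed flow summaries: (day, internal source, external destination, bytes out).
# Addresses are from documentation ranges; they are not indicators from the report.
FLOWS = [(date(2021, 3, 1) + timedelta(days=8 * i), "10.0.5.20", "203.0.113.10",
          3_800_000_000) for i in range(12)]
FLOWS += [
    (date(2021, 3, 15), "10.0.7.31", "198.51.100.7", 2 * GB),  # routine upload
    (date(2021, 4, 2), "10.0.7.31", "198.51.100.7", 1 * GB),
]


def per_flow_alerts(flows, limit):
    """Naive check: flag only individual flows at or above the byte limit."""
    return [f for f in flows if f[3] >= limit]


def cumulative_alerts(flows, window_days, limit):
    """Flag (source, destination) pairs whose outbound bytes inside any
    sliding window of window_days reach the limit. Returns the peak total."""
    by_pair = defaultdict(list)
    for day, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((day, nbytes))

    alerts = {}
    for pair, items in by_pair.items():
        items.sort()
        start, total = 0, 0
        for day, nbytes in items:
            total += nbytes
            # Drop flows that have aged out of the window ending on this day.
            while (day - items[start][0]).days >= window_days:
                total -= items[start][1]
                start += 1
            if total >= limit:
                alerts[pair] = max(alerts.get(pair, 0), total)
    return alerts


if __name__ == "__main__":
    print("per-flow >= 10 GB:", per_flow_alerts(FLOWS, 10 * GB))
    for pair, total in cumulative_alerts(FLOWS, 90, 40 * GB).items():
        print("90-day total >= 40 GB:", pair, f"{total / GB:.1f} GB")
```

The window length matters as much as the threshold: with these sample records a 30-day window never sees more than four of the twelve transfers, so it stays silent.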

Let me remind you that we also said that REvil Developers Made $1 Million Deposit on Hacker forum.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
