Thales Says Data Originated From Partner Collaboration Portal Akshaya Asokan (asokan_akshaya) • November 14, 2022 Thales Group corporate headquarters in the La Défense business district of Paris (Image: Shutterstock)
French defense multinational Thales confirmed Friday that ransomware group LockBit published internal documents, emphasizing in a public statement that its operations were unaffected by the hack.
The digital extortion gang added Thales to its list of hacking victims in late October, giving the 1.6 billion-euro electronics, avionics and troop transport maker until Nov. 7 to pay a ransom. Among the 9.5 gigabytes worth of records listed by hackers are Thales’ account files, details regarding software applications and other data that LockBit describes as “high-risk and confidential.”
Thales says the source of the leak is likely the compromised user account of an online partner collaboration site.
“Thales reiterates that, as of now, there is no impact on the Group’s operations,” the company says.
LockBit is a prolific ransomware group. It has been active since late 2019 and is often considered the winner of the contest to succeed Conti as the world’s most recognized digital extortion gang. In June, it released version 3.0 of its ransomware with a call to “Make Ransomware Great Again!” (see: Keys to LockBit’s Success: Self-Promotion, Technical Acumen).
Canadian law enforcement recently arrested suspected LockBit affiliate Mikhail Vasiliev, 33, in Ontario in an international sting conducted with the involvement of the FBI and the French National Gendarmerie. U.S. authorities are seeking his extradition to New Jersey, where he faces federal charges of conspiracy to commit computer intrusion.