New ransomware gang takes credit for Blue Yonder cyberattack


Threat actors have finally claimed responsibility for the Blue Yonder cyberattack that occurred last month.

Discovered on November 21, the supply chain attack affected several major organizations including Starbucks, Morrisons and Sainsbury’s.

In an update published on December 1, Blue Yonder said its recovery process has begun and customers are restoring systems.

Until now, no threat actor had claimed responsibility for the incident. The ransomware gang Termite has now listed Blue Yonder on its dark web leak site.

“Our team obtained 680 GB of data, such as database dumps. Email lists for future attacks (16,000+), documents (200,000+), reports, insurance documents,” the threat group said.

“Check for updates. Data links will be available soon.”

Blue Yonder also disclosed that threat actors had made allegations that they had stolen data, adding that it has notified affected customers and is collaborating with experts to address the claims.

“Following the recent ransomware attack, Blue Yonder worked with third-party cybersecurity companies and strengthened our defensive and forensic protocols. We have notified customers who were affected by operational disruptions and have been working with them throughout the restoration process,” the company said in its latest update.

“We are aware that an unauthorized third party claims to have taken certain information from our systems. We are working diligently with third-party cybersecurity experts to address these claims. The investigation is ongoing.”

Termite ransomware is a newly observed operation, first identified in November 2024.

The group has only a handful of victims on its site, with Blue Yonder being the most recent listing. Other victims include Nifast and Oman Oil.

Because the group appeared so recently, not much is known about it; however, it has been identified that they participate in double extortion, blackmail and direct extortion techniques and that they leak data for free.
