Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo, but the company said the information “appears related to customers” and not their own systems.
On August 26, Marketo wrote on its leak site that it had 4 GB of stolen data and was selling it. They provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents including information on projects.
Initially, the group’s leak site said it had 280 bids on the data but now, the leak site shows 70 bids for the data, including one bid today.
A Fujitsu spokesperson downplayed the incident and told ZDNet that there was no indication it was connected to a situation in May when hackers stole data from Japanese government entities through Fujitsu’s ProjectWEB platform.
“We are aware that information has been uploaded to dark web auction site ‘Marketo’ that purports to have been obtained from our site. Details of the source of this information, including whether it comes from our systems or environment, are unknown,” a Fujitsu spokesperson told ZDNet.
“Because this includes information that appears related to customers, we will refrain from commenting on the details. I assume that you may recall the last event of Project WEB on May, but there is no indication that this includes information leaked from ProjectWEB, and we believe that this matter is unrelated.”
Cybersecurity experts like Cato Networks senior director of security strategy Etay Maor questioned the number of bids on the data, noting that the Marketo group controls the website and could easily change the number as a way to put pressure on buyers.
But Ivan Righi, cyber threat intelligence analyst with Digital Shadows, said Marketo is known to be a reputable source.
Righi said the legitimacy of the data stolen cannot be confirmed but noted that previous data leakages by the group have been proven to be genuine.
“Therefore, it is likely that the data exposed on their website is legitimate. At the time of writing, Marketo has only exposed a 24.5 MB ‘evidence package,’ which contained some data relating to another Japanese company called Toray Industries. The group also provided three screenshots of spreadsheets allegedly stolen in the attack,” Righi said.
He explained that while Marketo is not a ransomware group, it operates similar to ransomware threat actors.
“The group infiltrates companies, steals their data, and then threatens to expose that data if a ransom payment is not made. If a company does not respond to the threat actor’s ransom demand, they are eventually posted on the Marketo data leak site,” Righi told ZDNet.
“Once a company is posted on the Marketo site, an evidence package is usually provided with some data stolen from the attack. The group will then continue to threaten the companies and expose data periodically, if the ransom is not paid. While the group does have an auction section on their website, not all victims are available in this section, and Fujitsu has not been put up for auction publicly at the time of writing. It is unknown where the 70 bids purportedly came from, but it is possible that these bids may originate from closed auctions.”
Digital Shadows wrote a report about the group in July, noting that it was created in April 2021 and often markets its stolen data through a Twitter profile by the name of @Mannus Gott.
The account has taunted Fujitsu in recent days, writing on Sunday, “Oh, the sweet, sweet irony. One of the largest IT services provider couldn’t find themselves an adequate protection.”
The gang has repeatedly claimed it is not a ransomware group and instead an “informational marketplace.” They contacted multiple news outlets in May to tout their work.
“The marketplace itself operates in a similar fashion to other data leak sites with some unique features. Interestingly the group includes an ‘Attacking’ section naming organizations that are in the progress of being attacked. The marketplace allows for user registration and provides a contact section for victim and press inquiries,” Digital Shadows Photon Research Team wrote.
“Victims are provided a link to a separate chat to conduct negotiations. Within the individual posts, Marketo provides a summary of the organization, screenshots of seemingly compromised data, and a link to an “evidence pack” otherwise known as a proof. They auction sensitive data in the form of a silent auction through a blind bidding system where users make bids based on what they think the data is worth.”
In the past, the group has gone so far as to send samples of stolen data to a company’s competitors, clients and partners as a way to shame victims into paying for their data back.
The group has listed dozens of companies on their leak site, including Puma recently, and generally leaks one each week, mostly selling data from organizations in the US and Europe. At least seven industrial goods and services companies have been hit alongside organizations in the healthcare and technology sectors.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Digitpol can assist with all stages of cyber related incidents.
Contact Digitpol’s hotlines or respond to us online.
UK +44 20 8089 9944