Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA

File image courtesy USN

PUBLISHED DEC 5, 2023 8:44 PM BY THE MARITIME EXECUTIVE

 

Australian-owned defense shipbuilder Austal USA has had an up-and-down year, and has already had to contend with a criminal prosecution, a money-losing tug bid, and turnover in the C-suite. This week, the cyber threat group Hunters International claimed that it hacked Austal and stole unspecified data, a claim which has been widely reported in the cybersecurity trade press but could not be immediately verified. 

In a list of new victims posted on its Dark Web site, Hunters International said that it has data from Austal's U.S. operation and will release up to 43 samples soon. If published or sold, Austal's proprietary data might have considerable value to a competing shipyard or a foreign nation. The firm holds multiple U.S. Navy orders, including a supply contract to build section modules for new nuclear submarines. (Austal did not immediately respond to a request for comment after hours.)

New victim claims on the threat group's online dashboard (Hunters International)

If accurate, the claim would be Austal's second run-in with hackers since 2018, and it comes at a sensitive moment. Austal is said to be in talks with three different investors about a potential sale, according to the Financial Review. 

Most commercial cyberattackers use malware to encrypt victims' files, and demand a ransom in exchange for the decryption key. Hunters International is of a different breed. The group focuses on stealing data, then using it to blackmail or pressure the victim. It is not afraid of causing collateral damage in order to get paid: earlier this year, the group hacked a Beverly Hills plastic surgery clinic and released confidential photos of several patients - and noted that it had another 250,000 files from the same business.

Its custom malware appears to descend from code used by the now-defunct Hive group, according to security researchers. Hive, a notorious malware organization with more than 1,300 victims and $100 million in ransom payouts, was disrupted and disbanded by law enforcement earlier this year. In a statement in October, Hunters International denied a direct connection with Hive, and said that it had only bought Hive's code and improved upon it.