close
close

Hacker gang releases documents stolen from Pentagon IT vendor

Posted on by darion

Hackers have released internal documents stolen from one of America’s largest IT services providers, whose clients include numerous US government agencies, including the Department of Defense.

Bloomberg reports that the leaked data, belonging to Virginia-based Leidos Holdings, was obtained by hackers during a previously reported 2022 breach of software-as-a-service company Diligent.

The cybercriminal gang that leaked the data is believed to be the Russian-linked ransomware group Trigona. Its victims include Mexican telecommunications company Claro.

In October 2023, hacktivists from the Ukrainian Cyber ​​​​Alliance announced that they had managed to take control of the Trigony leaking website and obtained copies of the gang’s internal chats, data, and the website’s source code.

Unfortunately, and perhaps not surprisingly, the disruption to cybercriminal activity turned out to be only temporary.

The good news for the Pentagon (the U.S. Department of Defense is Leidos’ largest customer) is that the stolen information most likely involves internal Leidos corporate data (such as internal reviews and investigations) and not anything that would be considered military-sensitive.

Other U.S. government agencies that will no doubt breathe a sigh of relief include NASA and the Department of Homeland Security.

“We have confirmed that this is a result of a previous incident involving a third-party provider, for which all necessary notifications were sent in 2023,” a Leidos spokesperson said. “This incident did not impact our network or any confidential customer data.”

Diligent, in turn, informed the press that the data breach involved a company that the company itself acquired in 2021.

Diligent says the data breach involved Steele Compliance Solutions and occurred in 2022. At the time, the company informed affected customers about the incident and steps to take.

Diligent reportedly notified Leidos on November 11, 2022, of a security incident in which an unauthorized person gained access to data that should have been protected.

“We take security very seriously and believe we have taken the necessary steps to ensure that any company we acquire meets the same standards our customers have come to expect from a Diligent product,” a Diligent spokesperson said. Register.

Of course, it’s not good that data has leaked online from the Pentagon’s IT supplier. But it’s a lot better than secret military documents being made available online for anyone to download.