The new hacking group, which claimed to have stolen confidential source code and sensitive project files from SK Telecom last month, is now threatening to leak that data if the telecommunications giant doesn’t start negotiations.
The previously unheard-of ransomware group, CoinbaseCartel, apparently hoping to garner attention for itself and get a ransom payout from the South Korean telecom, posted a new “Critical Announcement” on its dark web victim blog site sometime on Tuesday.
“FULL SOURCE DISCLOSURE THIS WEEK,” the cybercriminal group – which is in no way connected to the Coinbase cryptocurrency exchange – wrote in the message to SK Telecom.
The ransomware group allegedly infiltrated the telecom’s networks in mid-September, claiming SK Telecom on its victim blog and on the notorious hacker marketplace BreachForums (or at least one of its many BF reboots) on September 16th.
The hackers claim to have gotten their hands on source code exposing multiple internal company projects, build configurations, Dockerfiles, and even exposed AWS access keys.
Although it has not posted any visual samples to prove its claim, CoinbaseCartel reportedly has 19.6MB of SK Telecom data in its possession and has provided a download link to a zip file containing multiple files with PY (Python) extensions, among others.
“This is part of SK Telecom’s source code, they haven’t reported it to the South Korean government and refuse to engage,” the hackers wrote.
The purported attackers say that their victims may request “a sample package via private access for verification” before entering into “discussions.”
Cybernews researchers, who investigated the claim at the time, said it looked as if the attackers gained access to the system by compromising an employee’s Bitbucket account.
Owned by Atlassian, Bitbucket is a Git repository management service allowing teams to build, test, and deploy code utilizing one centralized cloud-based location, its website states.
With over 23 million customers representing about 50% of the Asian nation’s market share, SK Telecom (SKT) boasts its own music platform, operates several professional sports teams, recently launched Korea’s largest AI semiconductor manufacturing company and has its own strategic investment division, SKT Americas, operating out of Silicon Valley, California.
Who is CoinbaseCartel?
CoinbaseCartel appears to have first hit the ransomware scene this September, posting about 17 victims on its onion site since then.
On its leak site, the group says it does not encrypt victims’ files; instead, its focus is “exclusively on data exfiltration – our operations never involve system encryption or operational disruption.”
CoinbaseCartel also states that it has no political, personal, or activist agenda, operating solely as a “purely commercial operation, limited to data acquisition.”
Many of the victim names listed on the CoinbaseCartel site have also been previously claimed by other ransomware groups, leading Cybernews to question if the claimed breaches are just recycled, already stolen data.
(Courtesy: cybernews.com)