This is how Trinity acts, the group of hackers that claims to have stolen 560 GB of data from the Tax Agency

Dec. 2 (Portaltic/EP) –

A cyberattack on the Spanish Tax Agency (AEAT) has been attributed to the hacker group Trinity. The group claims to have stolen 560 GB of data containing information about taxpayers and the organization itself, presumably through a double-extortion ‘ransomware’ attack, and is demanding a ransom before December 31 to avoid publishing the leak.

Trinity is a relatively recent cybercriminal organization whose first attacks were identified in May of this year. In them, the group uses a type of malicious software that infiltrates the victim’s computer systems in order to steal valuable information and then extorts the victims for a financial ransom.

In this context, the group asserts in a statement that one of its victims is the Spanish Tax Agency, as a consequence of a malicious attack that occurred on Sunday, December 1, as reported by cybersecurity companies such as HackManac or Secure&IT. In the statement, the hackers claim the theft of a total of 560 GB of data containing sensitive information about taxpayers and the organization.

Likewise, Trinity has threatened to make all this data public if it does not receive a ransom of 38 million dollars (around 36 million euros at the exchange rate) before Tuesday, December 31 of this year.

DOUBLE EXTORTION ‘RANSOMWARE’

Specifically, the group’s usual modus operandi is the use of ‘ransomware’ capable of hijacking sensitive information, as has been recorded in previous operations of the Trinity group collected in a report by the United States Information Security Office.

This ‘ransomware’, which is also called Trinity, spreads through phishing attacks using emails, through malicious websites, or by exploiting software vulnerabilities to get into the system.

Once the computer is infected, the cybercriminals carry out a double-extortion scam in which they first identify and steal the confidential information, and then encrypt and lock it so that it cannot be used.

To do this, they use the encryption algorithm called ChaCha20, which locks the data, making it inaccessible, and tag it with the ‘.trinitylock’ extension. Thus, by encrypting the data to prevent its use and subsequently threatening to leak it, they put double pressure on the victims to pay the ransom.
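As an added illustration (not part of the original report or the US advisory), the following triage sweep shows how a defender could look for the ‘.trinitylock’ extension mentioned above and use byte entropy to separate files that were actually encrypted from files that were only renamed. The entropy threshold, sample size, function names and sample files are assumptions constructed for this example.

```python
import math
import os
import tempfile
from collections import Counter

EXT = ".trinitylock"      # extension named in the article
ENTROPY_THRESHOLD = 7.5   # assumed cut-off in bits per byte; ciphertext approaches 8.0
SAMPLE_BYTES = 65536      # assumed amount read from the start of each file

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root: str):
    """Return sorted (path, entropy, looks_encrypted) for every file ending in EXT."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            h = shannon_entropy(sample)
            hits.append((path, round(h, 2), h >= ENTROPY_THRESHOLD))
    return sorted(hits)

def demo():
    """Build a constructed directory of sample files and run the sweep over it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.docx.trinitylock": os.urandom(32768),   # random bytes stand in for ciphertext
            "notes.txt.trinitylock": b"plain text " * 500,  # renamed but not encrypted
            "budget.xlsx": os.urandom(4096),                # no marker extension, ignored
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), enc) for p, _h, enc in triage(root)]

if __name__ == "__main__":
    print(demo())
```

A hit with low entropy is still worth investigating, since it shows a rename without the encryption step having completed on that file.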

In fact, according to the US report, the hacker group also runs a victim assistance site to help victims decrypt the data, as well as a leak site where it displays the stolen data.

In addition to all this, because of the group’s techniques and tactics, which are described as “sophisticated”, it has been linked to other ransomware groups with which it shares similarities, specifically 2023Lock and Venus, which also use ‘ransomware’ to steal data.

In the case of the attack that the Trinity group claims to have carried out against the Spanish Tax Agency, it is unknown for the moment whether the same ‘ransomware’ and, therefore, the same extortion method were used.

For its part, the Tax Agency has confirmed to Europa Press that it has reviewed all systems and that, for the moment, no indication of possibly encrypted equipment or of data outflows has been detected. Likewise, the agency has also indicated that it continues to monitor all its systems.

About the author

Redaction TLN