Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.
The company is based in Australia and specializes in high-performance aluminum vessels. Its American subsidiary, Austal USA, is under contract for multiple programs that include building Independence class littoral combat ships for the U.S. Navy, which are 127-meter-long vessels at a cost of $360 million per unit. Austal also has an active $3.3 billion contract for building 11 patrol cutters for the U.S. Coast Guard.
Earlier today, the Hunters International ransomware and data extortion group claimed to have breached Austal USA and leaked some information as proof of the intrusion.
Responding to a request for comment, a spokesperson for the company confirmed the attack to BleepingComputer and said that Austal USA acted quickly to mitigate the incident:
Austal USA recently discovered a data incident. We were able to quickly mitigate the incident resulting in no impact on operations.
Regulatory authorities, including the Federal Bureau of Investigation (FBI) and Naval Criminal Investigative Service (NCIS) were promptly informed and remain involved in investigating the cause of the situation and the extent of information that was accessed.
No personal or classified information was accessed or taken by the threat actor. We are working closely with the appropriate authorities and will continue to inform any stakeholders impacted by the incident as we learn new information.
Austal USA recognizes the seriousness of this event and the special responsibility we have as a DoD and DHS contractor. Our assessment is on-going as we seek to fully understand this incident so that we can prevent a similar occurrence.
Hunters International threaten to publish more data stolen from Austal’s systems in the following days, including compliance documents, recruiting information, finance details, certifications, and engineering data.
Austal USA did not share if the threat actor was able to access data about engineering schematics or other proprietary U.S. Navy technology.
Hunters International emerged recently as a ransomware-as-a-service (RaaS) operation and is believed to be a rebrand of the Hive ransomware gang, a theory based on overlaps in the malware code.
The group denied the allegations, though, saying that they are a new operation that purchased the encryptor source code from the defunct Hive. According to the threat actor, encryption is not the end goal of their attacks, as their focus is on stealing data and using it as leverage to extort victims into paying a ransom.
At the moment, the gang’s data leak site lists well over a dozen victims in different sectors and from various regions of the world.