The operators of the Maze ransomware have published dozens of GBs of internal data stolen from corporate networks of business giants LG and Xerox.
The Maze group is primarily known for its eponymous ransomware. Threat actors break into corporate networks, steal confidential files, and then encrypt the data, demanding a ransom for decryption. If the victim refuses to pay the ransom and decides to restore the data from the backups, the criminals create an entry on their "leaks website" and threaten to publish the victim's confidential data after the second extortion attempt. The victim is then given a few weeks to think over its decision, and if victims don't give in during this second extortion attempt, the Maze gang will publish files on its portal.
Attackers reported the leaks to LG and Xerox back in late June, creating entries for each of the two companies on their portal, but tech giants refused to comply with the criminals' demands. Then hackers released 50.2 GB of LG data and 25.8 GB of Xerox data.
As reported by ZDNet, the stolen data allegedly contains source code for the cloused-source firmware of various LG products, such as phones and laptops. According to the attackers, they did not install ransomware on LG's network, but simply stole the company's corporate records.
"We decided not to execute the Maze ransomware because their clients are socially significant and we do not want to create disruption for their operations, so we only have exfiltrated the data," the Maze told ZDNet.
Maze operators also have stolen information related to customer service operations of Xerox.