30 December 2021

Hackers put up for sale data of 2M ONUS customers after the company refused to pay $5 million ransom


The personal data of over 1.9 million users of Vietnamese crypto trading app ONUS was put up for sale on an underground forum after the company refused to pay a $5 million ransom. The data was reportedly stolen during “a large-scale cyberattack” the company suffered on December 24.

“The hacker took advantage of a vulnerability in a set of libraries on the ONUS system to get into the sandbox server (for programming purposes only). However, due to a configuration problem, this server contains information that gave bad guys access to our data storage system (Amazon S3) and stole some essential data,” the company said in a statement.

According to security firm CyStack, the attackers exploited the Log4Shell vulnerability on ONUS’ Cyclos (online banking software) server to plant a backdoor and exfiltrate data. The stolen information comprised nearly 2 million customer records, including E-KYC (Know Your Customer) data, personal information, and hashed passwords.

The attackers then demanded $5 million from the company, but, as ONUS decided not to pay the ransom, the hackers put up the stolen data for sale on a forum.

According to BleepingComputer, threat actors claim to have copies of 395 ONUS database tables with customers' personal information and hashed passwords in their possession. The samples also included unredacted images of customers' ID cards, passports, and customer-submitted video selfie clips obtained during the KYC (know-your-customer) process.

Earlier this week, the cybersecurity firm CrowdStrike reported that China-linked APT group Aquatic Panda attempted to breach a large academic institution using a modified version of the Log4Shell exploit.
