Babuk and Basketball

The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assisting.  “Our internal security tools prevented ransomware from being installed except for a few systems that have not impacted our operations,” the statement added.

The Rockets also said on 14 April they were aware of reports that the hackers behind the cyber-attack claimed to have acquired internal business information from the team.  The team is claiming, “the incident has had no impact to our operations or our ability to take care of our fans, employees, and players.”  However, it added that it would be difficult to determine the scope of the incident until the investigation is completed.  Team officials said they would notify anyone affected if they find personal information was involved in the incident.[1]

Media reported on the 14th that a relatively new hacking group called Babuk has claimed responsibility and is touting that they have pilfered 500 gigabytes of the Rockets’ data, including contracts, non-disclosure agreements (NDAs) and financial data.  The group is also known as Babuk Locker and was initially known as Vasa Locker.  Babuk’s leak sites claim that the hackers will not target hospitals and nonprofit charities, and that they will attempt to avoid entities with an annual revenue of less than $4M.[2]  Babuk’s version of hacker’s ethics, I guess.  Red Sky Alliance is monitoring 45+ dark web forums.  Babuk posted this information and took it down very quickly, which could indicate the hackers’ concerns about law enforcement.

Red Sky Alliance has been analyzing and documenting these types of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge.  Many past tactics are often dusted off and reused in current malicious campaigns.  Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

 

[1] https://www.reuters.com/article/basketball-nba-houston-rockets-cyber/nbas-houston-rockets-probing-cyber-attack-working-closely-with-fbi-idUSL1N2M800P

[2] https://healthitsecurity.com/news/ransomware-extortion-threat-actors-post-data-from-4-healthcare-entities
