Hacking Of CDK Global Disrupts Car Dealer Operations Across The US
JAKARTA - Hacking of software maker company CDK Global has disrupted operations at auto dealers across the United States. This is a series of recent hacks in which cybercriminals known as Black Suit, demanding ransom have targeted large companies by breaking into behind-the-scenes software suppliers.
CDK makes software commonly used by car dealers to process sales and other transactions. According to local press reports, many dealers began to process transactions manually due to the hack.
Who's Black Suit?
Not much is known about this group, but BlackSuit emerged in May 2023. Analysts say that this is a relatively new team of cybercriminals from a well-known hacker group linked to Russia called RoyalLocker.
RoyalLocker mostly hacked American companies and is a tough hacker group from another productive gang called Conti. RoyalLocker is likely the third most persistent ransomware group after LockBit, which hacked PDNS Indonesia, and ALPHV, according to analysts.
However, Black Suit is not as aggressive as the others. The number of victims registered on their data leak site shows that they don't have many hacking partners like the larger ransomware gang, said Kimberly Goody, head of cybercrime analysis at Mandiant Intelligence.
"The majority of victims of BlackSuit are mostly based in the US, followed by the UK and Canada, and cover various sectors," he said.
How Many Organizations Has Black Suit Hacked?
Black Suit has broken into at least 95 organizations globally, according to security firm Recorded Future. "The true number of victims of Black Suit is likely much higher," the company said.
SEE ALSO:
Most of the victims were American organizations in the fields of industrial goods and education, according to a blog last month by security firm ReliaQuest. "We have seen Russian-speaking threat actors affiliated with Black Suit apply for partnerships in underground forums to provide access to companies, until last week," said Goody.
How To Operate Black Suit?
Black Suit is known to do "double scatterers," which in cyber terms means they steal sensitive data on victims' organizations, lock up their systems, and alsocam.m to leak the information.
Goody of Mandiant said that Black Suit has provided hacking infrastructure for smaller partner groups known as "affiliates." Black Suit provides support for extortion to their partners, including resources to disrupt victims or take down their websites to pressure them to pay