Acer has confirmed a cyberattack on its offices in India this week after hackers with the Desorden Group claimed to have breached servers and stolen 60GB of files.
The group emailed ZDNet about the hack, claiming to have access to the customer and corporate business data as well as financial information. When asked, the hackers denied it was a ransomware attack and claimed to have access to the company’s servers “over time.”
Confirming the hack, an Acer spokesperson told ZDNet that their security team recently detected an “isolated attack” on its local after-sales service system in India.
“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems,” the spokesperson said. “We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.”
“Acer is a global network of vulnerable systems. We no longer have access to their India servers. This is all we can reveal now,” the hackers said in a follow-up message to ZDNet.
This is the second cyberattack Acer has suffered this year after being hit with ransomware in March.
The REvil ransomware group claimed the attack and demanded a $50 million ransom, one of the highest reported at the time. Acer offered to pay the group $10 million, which was rejected by the hackers.
The Record reported that the data stolen recently by the Desorden Group was posted to cybercriminal forum RAID as well as being sent to reporters.
Acer India was hit with a similar cyberattack in 2012 by a Turkish cybercriminal group, according to DataBreaches.net. The attackers defaced the company website and leaked 20,000 user credentials at the time, the ZDNet report added.
The report further pointed out that DataBreaches.net reported last month that the Desorden Group recently claimed to have hacked into the Malaysian servers of ABX Express Enterprise on September 23.
Like the latest attack, the group sent reporters portions of the stolen files and posted them into the RAID forum. They claimed to have stolen 200GB of information including the data of millions of Malaysians.
In messages to the site, the group said their name stands for “chaos and disorder” and had reorganised after originally going by the name “Chaos CC.”
The group said it plans to attack supply chains and cause “disorder and chaos” that affects as many people as possible. The Desorden Group said that it plans to hold data ransom and sell it if they are not paid. At the time, they claimed to have been negotiating a ransom with an unnamed Italian automotive supply company.