Trelleborg Group Data Breach 2023 Leaked Online By AlphV

Trelleborg Group Data Breach 2023 Leaked Online By AlphV.

Trelleborg AB is a Swedish global engineering group focused on polymer technology, with their headquarter in Trelleborg, Sweden. It has 16,701 employees and a yearly revenue of 30.1 billion SEK as of 2022. It became a public company in 1964 and currently trades on the Nasdaq Stockholm as a large cap component.

About the threat actor:

AlphV is also known as BlackCat and is a ransomware group first noticed in November, 2021. They operate a ransomware-as-a-service (RaaS) business model, BlackCat look for affiliates in known cyber crime forums, offering to allow affiliates to leverage the ransomware and keep 80-90% of the ransom payment. BlackCat, also known as ALPHV and Noberus is a ransomware family written in the programming language Rust.

For initial access, they rely on stolen credentials obtained through initial access brokers. Like an employee with bad intentions for example.

Newly aquired company:

EirMed is a leader in the design, engineering, manufacturing, assembly and packaging of medical devices. Their expertise is integrated into the creation of devices designed to improve patients' lives. Now EirMed part of TRELLEBORG.

Trelleborg is committed to supporting the healthcare and medical industry with advanced polymer engineered components.

Already a leading developer and manufacturer of sealing solutions for the healthcare and medical applications, Trelleborg has recently made significant investments in advanced technology to expand its offerings to its customers.

Proof: https://www.trelleborg.com/en/healthcare/eirmed-joined-trelleborg

"Trelleborg is committed to supporting the healthcare and medical industry with advanced polymer engineered components.

Already a leading developer and manufacturer of sealing solutions for the healthcare and medical applications, Trelleborg has recently made significant investments in advanced technology to expand its offerings to its customers."

So what happened?

The hackers entered the network and exfiltrated about 200 gigabytes of information and BitDefender antivirus was disabled, the company's infrastructure was completely compromised. Two Daily NAS, local backup storage and three ESXI servers were encrypted.

NOTE: A link to a full cloud of 200 GB files and a full chat log with the company will be published on Thursday the 9th of November, 2023 according to the threat group. Which will not take long to download for anyone with fibre.