Compass Communications, a prominent telecommunications provider based in Auckland, New Zealand, recently confirmed that it was the victim of a ransomware attack by the RA World cybercrime group. The group has claimed responsibility for stealing 250GB of sensitive data, including financial records, customer information, human resources data, and details about ongoing projects. To prove the attack, RA World posted a 26.9MB archive of sample data on its darknet leak site, including service agreements, financial statements, and banking details from customers. Although the ransom amount has not been disclosed, the deadline for payment is set for January 1, 2025.
In response to the breach, Compass Communications acknowledged the unauthorized access and informed Cyber Daily that their security monitoring systems detected the incident last week. As soon as the breach was identified, the company engaged external security specialists and notified the necessary government authorities, including New Zealand’s Privacy Commissioner. The company emphasized its ongoing investigation into the full extent of the breach while assuring customers that those whose data has been compromised will be directly contacted with support options.
RA World, which operates under the alias RA Group, has been active since at least April 2023 and is known for targeting organizations in the United States and South Korea. Security experts have linked the group to a modified version of Babuk ransomware, which encrypts data but leaves enough functionality for victims to contact the attackers. The initial point of access for RA World is typically through misconfigured internet-facing devices, and once inside, they attempt to move laterally within the network to steal additional credentials and escalate their access.
Compass Communications, a 100% Kiwi-owned company that offers broadband and mobile services, has been in operation since 1995. The attack has raised concerns about the vulnerability of critical infrastructure, with cybersecurity researchers noting potential links between RA World and other threat actors, including the Chinese group Bronze Starlight. Despite the breach, Compass has committed to transparency and securing its customers’ data, stressing that the investigation into the incident is ongoing and that further updates will be shared as necessary.