A group of threat actors have hacked into Perceptics, the most-used car plate license reader manufacturer in the United States; according to web application penetration testing specialists hackers accessed the company’s internal files and published them for free download in various dark web forums.
Last Thursday, a group of hackers, self-appointed
as “Boris Bullet-Dodge”, contacted multiple members of the
cybersecurity community to announce the hacking incident; ackers sent a sample
of the files extracted from Perceptics’s corporate networks to demonstrate the
veracity of their claims. It is believed that this group of threat actors was
also involved in a security incident last month.
The exposed information include files with
different extensions (.xlsx,.jpg,.docx,.mp4, etc) with location names, zip
codes, files related to the company’s government clients and evidence material,
report the web application penetration testing specialists.
Exposed files, equivalent to hundreds of GB of
information, include Microsoft
Exchange databases, human resource records, Microsoft Server data
stores, and more. Confidential details of the company, such as financial
figures and personal information, are currently available in multiple
compressed files format in various hacking forums on dark web.
Given the nature of the business of the
company, dedicated to tasks such as the acquisition of border security data,
commercial vehicle inspection, electronic payment of highway fees and road
monitoring, web application penetration testing specialists believe that a
considerable amount of confidential information is likely to have been exposed.
A spokeswoman for Perceptics confirmed that the
company was aware of the state of security in its networks. “We are
collaborating with federal authorities in investigating the incident; that’s
all we can say for now”, concluded the spokesperson.
According to the experts from the International
Institute of Cyber Security (IICS), the company’s website redirects visitors to
the Google home page, so it is believed that the organization still fails to
restore all of its systems. More details are expected in the coming days.
