The Trinity hacker group has claimed responsibility for a cyberattack on the Spanish Tax Agency (AEAT) in which, presumably through a double extortion ‘ransomware’ attack, they claim to have stolen 560GB of data with information from taxpayers and the agency itself, and for which they demand a ransom before December 31 to avoid publishing the leak.
Trinity is a relatively new cybercriminal organization, whose first attacks were identified in May of this year. In them, it uses a type of malicious ‘software’ that infiltrates the victim's computer systems in order to steal valuable information and then extort the victims in exchange for a financial ransom.
In this context, they assert in a statement that one of their victims is the Spanish Tax Agency, as a result of a malicious attack that occurred this Sunday, December 1, as reported by cybersecurity companies such as HackManac or Secure&IT. In it, the hackers say that the attack resulted in the theft of a total of 560GB of data containing sensitive information on taxpayers and the organization.
Likewise, Trinity has threatened to make all this data public if they do not receive a ransom of 38 million dollars (around 36 million euros at the exchange rate) before Tuesday, December 31 of this year.
Double extortion ‘ransomware’
Specifically, this group of malicious actors usually operates with ‘ransomware’ capable of hijacking sensitive information, as recorded in previous Trinity operations documented in a report from the United States Office of Information Security.
This ‘ransomware’, which is also called Trinity, is spread through phishing attacks using emails, through malicious websites, or by exploiting software vulnerabilities to introduce it into the system.
Once the computer is infected, the cybercriminals carry out a double extortion scam in which they first identify and steal confidential information, and then encrypt and block it so that it cannot be used.
To do this, they use the encryption algorithm called ChaCha20, which locks the data, making it inaccessible, and tags it with the ‘.trinitylock’ extension. Thus, by encrypting the data to prevent its use and subsequently threatening to leak it, they put double pressure on the victims to pay the ransom.
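The ‘.trinitylock’ extension described above can serve defenders as a detection signal. The following is an added example, not part of the original article: it scans file-event records for a process that produces several files with that extension inside a short window. The log format, host and process names, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".trinitylock"             # extension named in the article
WINDOW = timedelta(seconds=60)   # assumed tuning value
THRESHOLD = 3                    # assumed tuning value

# Constructed sample events: "ISO-timestamp host process action path"
SAMPLE_LOG = """\
2024-12-01T10:00:01 ws-17 winword.exe WRITE C:\\Users\\ana\\report.docx
2024-12-01T10:00:05 ws-17 upd.exe RENAME C:\\Users\\ana\\report.docx.trinitylock
2024-12-01T10:00:06 ws-17 upd.exe RENAME C:\\Users\\ana\\budget.xlsx.trinitylock
2024-12-01T10:00:09 ws-17 upd.exe RENAME C:\\Users\\ana\\notes.txt.TrinityLock
2024-12-01T10:05:00 ws-22 explorer.exe RENAME C:\\Temp\\test.trinitylock
"""

def parse(line):
    """Split one event line; the path comes last and may contain spaces."""
    ts, host, proc, action, path = line.split(" ", 4)
    return datetime.fromisoformat(ts), host, proc, action, path

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Alert once per (host, process) that produces `threshold` or more files
    carrying the marker extension within one sliding time window."""
    recent = defaultdict(deque)   # (host, proc) -> timestamps of marker events
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, action, path = parse(line)
        # Case-insensitive match: Windows file systems ignore extension case.
        if action not in ("RENAME", "CREATE") or not path.lower().endswith(EXT):
            continue
        q = recent[(host, proc)]
        q.append(ts)
        while ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and (host, proc) not in alerts:
            alerts[(host, proc)] = {"host": host, "process": proc,
                                    "first_seen": q[0].isoformat(),
                                    "count": len(q)}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single file with the extension, as on the constructed host ws-22, stays below the threshold; the burst from one process on ws-17 is what raises the alert.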
In fact, according to the US report, the hacker group also runs a victim support site to help them decrypt the data, as well as a leak site where it displays the stolen data.
In addition to all this, due to the group’s techniques and tactics, which are described as “sophisticated”, they have been linked to other ‘ransomware’ groups with which they share similarities, specifically 2023Lock and Venus, which also use ‘ransomware’ to steal data.
In the case of the attack that the Trinity group claims to have carried out against the Spanish Tax Agency, it is unknown for the moment whether the same ‘ransomware’ has been used and, therefore, the same method of extortion.
For its part, the Tax Agency has confirmed to Europa Press that it has reviewed all its systems and that, for the moment, no sign of encrypted equipment or data exfiltration has been detected. The agency has also indicated that it continues to monitor all its systems.