Ransomware attacks vs Kimchuk, Visser reveal supply chain threat to DOD

The operators behind DoppelPaymer ransomware reportedly attacked electronics manufacturer Kimchuk earlier this month, disrupting the company’s operations and stealing sensitive data that they have been publishing online as part of an extortion plot.

Meanwhile, the cybercriminal outfit has also continued to publish information stolen earlier this year from Visser Precision, a parts maker and manufacturing solutions provider for the aerospace, automotive, industrial and manufacturing industries.

Danbury, Conn.-based Kimchuk primarily serves the military, medical, safety, energy and telecom industries. According to a TechCrunch report detailing the Kimchuk incident, stolen files include the company’s payroll records, broker approvals and purchase orders — including orders from one customer’s nuclear divisions — but nothing marked as classified. A date that was observed on a directory of stolen files suggests the data exfiltration may have taken place around March 5, the report continues.

The general m.o. exhibited by the DoppelPaymer actors is to continue publishing sensitive files until the victimized company pays to make them stop.

TechCrunch’s report cites Emsisoft Threat Analyst Brett Callow, who separately reached out to SC Media to reveal that DoppelPaymer’s campaign continues against Visser, a defense subcontractor that serves companies like Lockheed Martin, General Dynamics, Boeing and SpaceX. The latest set of stolen Visser files found on DoppelPaymer’s official dump site includes a proprietary Lockheed Martin engineering specification document.

“The DOD needs to act quickly to secure its supply chain. Should it not, there will inevitably be more Visser-like breaches which could potentially result in extremely sensitive information being exposed,” said Callow, noting tha ..