Updated: Mar 28
Maersk denies it has been cyber-attacked by hacker group Anonymous Sudan, despite leaked customer credentials appearing on social media.
The group posted a .txt file with several usernames and passwords of Maersk customers on its Telegram channel, alongside AI art and threats of attacks against other Swedish and Danish companies, citing as its motivation “their burning of the Quran”.
“We have more data, this is just a sample,” read the post, but Maersk says it is not obvious whether the data is current.
Spokesman Jonatan Rying Larsen said: “There is no indication of any breach or compromise of Maersk systems.
“We are aware of a claim that data purporting to be ours has been published by cyber criminals. There is evidence that credentials belonging to a very limited number of both active and inactive individual customers have been obtained by cyber criminals outside our systems. This was immediately identified and countered by our side.
“We take data leaks extremely seriously and will be investigating this fully.”
It is possible the data is the aftermath of the 2017 NotPetya ransomware attack against Maersk, which locked the company’s systems. In a ‘double extortion’ ransomware attack, data such as passwords is first copied by hackers and then encrypted for ransom.
“There is a possibility this could be previous data from a double ransomware attack,” Ken Munro, of PenTestPartners, told The Loadstar. “If the data is current, it is indicative of a current breach. But it could be that someone stumbled onto the data on the dark web and assumed it was current. Data on the dark web is difficult to attribute and date.”
“It could be one of their shipping agents that’s been breached. That is probably more likely, as Maersk has spent a lot of time and money improving cybersecurity.”
A February report by German cybersecurity firm Truesec suggests that, far from being motivated by Islamic fundamentalism, Anonymous Sudan is a Russian state-sponsored hacker organisation using a plausibly deniable cover to interfere with Sweden’s application to join NATO.
The Maersk news occurs against a backdrop of increased cyber-risk in shipping following a DNV hack this year and a growing emphasis on targeting shipping for financial gain, according to an ENISA report this week.
“Criminals follow the money,” said Mr Munro. “If you’re looking to make a lot of money, you’d be better off looking at an industry where a lot of money is transacted and has less mature cybersecurity systems. Maritime… is a distributed, complicated, global network with multiple points of entry, multiple ways to get things wrong and, perhaps, a historic unwillingness to invest in cybersecurity.”