National Oil Ethiopia PLC (NOC), a prominent petroleum marketer operating in Ethiopia, has allegedly been compromised in a significant data breach and ransomware attack. A threat actor on a hacker forum claims to have successfully breached the company’s network infrastructure, detailing an extensive eight-step intrusion process. The attacker reportedly gained an initial foothold by exploiting an Exchange ProxyLogon vulnerability, eventually escalating privileges, disabling Kaspersky security software, compromising Veeam backup systems, and deploying ransomware across the network.
The allegedly compromised data includes four exfiltrated databases, with the primary ERP database alone amounting to over 800GB. According to the actor, the stolen information includes:
- Client details
- Contracts
- Employee salaries
- Personally Identifiable Information (PII)
- Email addresses
- Physical addresses
- Operational business data
Daily Dark Web






