Ransomware spreading gang reveals visa details of working employees in America


In an unprecedented turn of events in the United States, a relatively obscure ransomware group has committed a grave act by exposing the personal information of individuals who held work visas in the country. This audacious breach took place earlier this year when the group targeted Sabre’s database. Faced with the unyielding demands of the hackers, and having failed to meet their requirements, Sabre found itself confronted with a distressing revelation when a portion of the stolen data was disclosed by the hackers this week.

Sabre, a major player in the travel booking industry, only became aware of the data breach through media reports. In response to the allegations made by the hackers, the company promptly issued a statement vowing to conduct a thorough investigation into the matter.

Inside sources at Cybersecurity Insiders have uncovered that Sabre fell victim to a data exfiltration operation orchestrated by the Dunghill Ransomware Spreading group, resulting in the theft of approximately 1.3 terabytes of data. The stolen information encompasses a wide array of sensitive details, including ticket sales records, passenger statistics, as well as the personal information of employees. This compromised employee data includes their nationalities, dates of birth, passport numbers, visa details, I-9 form particulars, financial records of the corporation, and other personnel-related information.

The revelation that the hackers had accessed the visa details of Sabre’s employees authorized to work in the United States sent shockwaves through the company. The extent of the breach remains uncertain, prompting Sabre to enlist the services of a forensic investigation team to delve deeper into the incident.

At present, little is known about the Dunghill group. However, some sources on Telegram have suggested that this ransom-demanding collective may have ties to the Dark Angels Ransomware, which itself has roots in the code of the infamous Babuk Ransomware.

Furthermore, according to an update from Malwarebytes, the same group targeted the servers of various entities, including the game developer Incredible Technologies, food company Sysco, and automotive manufacturer Gentex. The common thread among these victims was their perceived reluctance to comply with the ransom demands, prompting the Dunghill gang to resort to data leaks as a form of retaliation.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display