“The fight against cybercrime will be successful if criminals become convinced that the only consequence of their actions can be punishment and not profiting from crime,” reads the notice on the website of Polish IT services provider Atende. “We did not succumb to the blackmail of the perpetrators of the attack, who demanded a ransom from us, and we would like to thank all customers who unequivocally and without hesitation supported us in this decision. We are not and never will be hostages of criminals. We will not give in to their demands.”
It’s a follow-up to the company’s announcement on October 4 that someone had accessed its IT infrastructure without authorization, and stolen data about its employees and customers.
In its latest notice, the company also addresses those who could potentially come into possession of the stolen data, warning that it will take “strong legal action against anyone who downloads and publishes documents stolen by criminals, violating the company’s and its customers’ trade secrets and the confidentiality of personal data.”
Archives stretching back 15 years leaked
A total of 1.2 TB of data was leaked, including scans of contracts concluded by Atende with companies and public administration units in the years 2000-2012 and 2015-2020, e-mail archives, and documents containing sensitive information (including personal data and Polish national ID numbers of employees) and login data (including login-password pairs and private keys for logging in using SSH), among other things.
According to the CyberDefence24 portal, the attack on Atende was carried out by the same cybercriminal group that in recent months has attacked two other Polish companies, AIUT and SuperDrob, and that has also conducted global operations targeting entities from, among others, the financial, industrial and energy sectors.
Atende first announced the security incident on 4 October. After detecting the data leak from its network, the company immediately filed a notification of a suspected crime with the District Prosecutor’s Office Warsaw-Praga in Warsaw. Notifications were also sent to the Central Bureau for Combating Cybercrime, the President of the Office for Personal Data Protection and CERT Polska.
Shortly thereafter, the company issued a warning about possible phishing and spoofing attempts (scams aimed at obtaining confidential information) in which the senders impersonate Atende employees.
As it turned out, the attack involved a single file server, from which the hackers stole data on employees and contracts. So far, according to Atende, there is no indication that the integrity of the company’s other systems and services has been compromised as a result of the incident.
The company said it isolated the compromised server and took additional security measures including introducing two-factor authentication for all VPN accounts.
Atende has also commissioned an independent external company to carry out a post-breach analysis of its IT environment.