INC Ransom group has targeted the building technology solutions provider, ControlNET LLC. The ControlNET cyberattack on June 10, 2024, allegedly targeted the supply chain factor of the organization and also asserted intrusion on Rockford Public Schools. ControlNET, renowned for its expertise in HVAC, lighting, video surveillance, access control, and power solutions, is now facing an alleged attack by a hacker group. In its post, the group not only infiltrated ControlNET's systems but also exposed sensitive information, including invoice details, building floor plans, email communications, and sample folders of ControlNET and their clientele.

Understanding the ControlNET Cyberattack

The ramifications of this breach extend beyond ControlNET with operations disrupted and data compromised for the organization. However, the claims for this cyberattack on ControlNET have not been verified. The hacker group’s post on the dark web shed light on their motives, citing ControlNET's alleged negligence in safeguarding customer data.  [caption id="attachment_76431" align="alignnone" width="1357"] Source: Dark Web[/caption] “This company has taken very poor care of the data entrusted to them by its customers. In the course of a successful attack, we stole a huge amount of data. We also attacked the clients of this company ROCKFORD SCHOOL. Which we have access to thanks to CONTROL NET”, reads the threat actor post.  The leaked information highlights the urgent need for enhanced cybersecurity measures, particularly in industries like construction and education, where sensitive data is at stake.

Who is the INC Ransom Hacker Group?

The Cyber Express has reached out to the organization to learn more about this ControlNET cyberattack and the authenticity of the claims made by the threat actor. However, at the time of writing this, no official statement or response has been received, leaving the claims for the cyberattack on ControlNET unverified.  Moreover, the company's website appears to be operational, suggesting that the attack may have targeted the backend infrastructure rather than the front-end interface. The threat actor in this attack, INC Ransom, is a ransomware group that emerged in August 2023, employing double and triple extortion tactics on victims, leaking data on their blog. Victims, mainly from Western countries, face threats and coercion during negotiations, with evidence packs published to pressure payment. The group's leaked blog includes light and dark UI options, a feedback box, and a Twitter link. While similar to LockBit 3.0's blog, INC Ransom does not charge for leaked data. Victims, spanning private sector businesses, a government organization, and a charity association, hail mostly from the United States and Europe, emphasizing the widespread impact of this cyber threat. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.