CANON

Hackers bring down company servers, demanding rescue of stolen data

According to the Internet publication BleepingComputer, Canon's online services have been subjected to a powerful attack by hackers. At the moment, more than two dozen American websites for the manufacturer of photo and video equipment, as well as courier services, internal corporate platforms and many other applications, are not working. In addition, according to the source, the hackers stole 10 TB of data, including personal information.
The source says the attack started on July 30, using image.canon, a Canon cloud service that allows you to store photos and videos, when problems began to be observed in your work, and then went completely offline. The service was unavailable for several days. Canon launched again on July 4th. However, nothing was reported on the website's main page about the hacker attack. In addition, the message indicates that there were problems with access to 10 GB of archived information saved before June 16, as a result of the loss of that data. At the same time, Canon ensures that no data leaks have occurred. In general, they solved all problems.



BleepingComputer decided to dig deeper and found that the problems were (and still are) not just in Canon's cloud service. Several dozen of the company's other online resources were under attack. Journalists obtained an image of a message from Canon's service department, which indicates huge system problems at work on many platforms, as well as problems accessing various resources, including mail and a communication channel on the Microsoft Teams platform.
The verification showed that, at the moment, none of the more than 20 company websites presented below are working. At the entrance to them, the user is greeted with a “sketch”, indicating that the resource is under maintenance.



It was later revealed that the attack was carried out by the hacking group Maze, which was behind the creation of the Maze Ransomware ransomware virus. The journalists managed to reach their representatives. They denied the information that the initial attack on the site.canon image was carried out by them, however, confirmed that more than 20 different Canon services were behind the hack. The resource was able to make part of the screen capture available with a message from the hackers to Canon, in which they indicate that they had access to “10 TB of data, private databases and other information” stored on Canon's online services servers. The hackers refused to confirm his words in any way.
In the message, Maze hackers also report that they encrypted the stolen data and its backups. Cannon can only obtain the decoder and access the data if it decides to pay for it. In addition, after payment, hackers commit to delete all data from their media. The details of the deal have not been released, but the attackers are ready to provide them via their own website on the darknet. Apparently, below in the message, there is an instruction on how to do this, but the screen capture is interrupted. If Canon does not agree with the proposed terms, Maze threatens to publish all company data to the public on its website.



BleepingComputer contacted Canon for comment, but they are still silent there. According to the source, many companies, including LG, Xerox, Conduent, MaxLinear, Cognizant, Chubb, VT San Antonio Aerospace and others, had already been victims of the Maze hackers and their Maze Ransomware ransomware.

AVnews