438/67 Wednesday, December 11, 2024
The newly established ransomware group “Termite” has claimed responsibility for a cyberattack that caused significant damage to Blue Yonder, a major U.S.-based supply chain technology company. The attack has disrupted operations for leading organizations such as Starbucks and prominent UK retailers Morrisons and Sainsbury’s.
Blue Yonder, headquartered in Arizona, revealed on November 21 that it faced disruptions in its hosted systems due to the attack. This has directly affected systems its customers depend on, including Starbucks’ payroll system and Morrisons’ warehouse management system. The Termite group claimed to have stolen 680 gigabytes of sensitive data from Blue Yonder, including databases, email addresses, and over 200,000 insurance documents. They threatened to release this data publicly if their ransom demands were not met. Blue Yonder has engaged external cybersecurity experts to investigate and resolve the incident, stating, “We are making every effort to understand the full scope of the situation and support our affected customers.”
The Termite ransomware is based on a modified version of Babuk ransomware, whose source code was leaked publicly several years ago. Despite being a new group, Termite has rapidly expanded its operations, targeting victims across various sectors, including education, government, oil and gas industries, and automotive manufacturing. In addition to Blue Yonder, Termite has claimed attacks on other entities such as Conseil Scolaire Viamonde in Canada and a government agency in Réunion, France.
Broadcom documents indicate that Termite does not have a specific targeting strategy, attacking organizations ranging from government agencies and educational institutions to critical industries. U.S.-based cybersecurity firm Cyble has detailed the technical workings of the Termite malware used in the group’s campaigns, warning that its growth poses an emerging threat to the cybersecurity landscape.
Source: https://cyberscoop.com/termite-ransomware-blue-yonder-disruption/