U.S. global apparel and footwear company VF Corporation, which owns Vans, Timberland, and North Face, has confirmed having its operations disrupted by a cyberattack, which has led to the encryption of some of its systems and the theft of data, including personal information, according to The Record, a news site by cybersecurity firm Recorded Future.
Despite no disruptions across VF retail stores worldwide, such an attack has and will potentially continue to have a "material impact" on business operations, said VF in a filing sent to the Securities and Exchange Commission on the first day of the effectivity of its new cyber incident reporting rule, which has been updated to require disclosure upon the identification of incident materiality. "The Company is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail and brand e-commerce consumers and wholesale customers," VF said. Such an attack, which has not yet been claimed by any threat operation, may have stemmed from an IT environment that has been stressed by the company's numerous acquisitions over time, according to Grip Security CEO Lior Yaari.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.