
Ransomware attacks vs Kimchuk, Visser reveal supply chain threat to DOD

The operators behind DoppelPaymer ransomware reportedly attacked electronics manufacturer Kimchuk earlier this month, disrupting the company's operations and stealing sensitive data that they have been publishing online as part of an extortion plot.

Meanwhile, the cybercriminal outfit has also continued to publish information stolen earlier this year from Visser Precision, a parts maker and manufacturing solutions provider for the aerospace, automotive, industrial and manufacturing industries.

Danbury, Conn.-based Kimchuk primarily serves the military, medical, safety, energy and telecom industries. According to a TechCrunch report detailing the Kimchuk incident, stolen files include the company's payroll records, broker approvals and purchase orders -- including orders from one customer's nuclear divisions -- but nothing marked as classified. A date that was observed on a directory of stolen files suggests the data exfiltration may have taken place around March 5, the report continues.

The general m.o. exhibited by the DoppelPaymer actors is to continue publishing sensitive files until the victimized company pays to make them stop.

TechCrunch's report cites Emsisoft Threat Analyst Brett Callow, who separately reached out to SC Media to reveal that DoppelPaymer's campaign continues against Visser, a defense subcontractor that serves companies like Lockheed Martin, General Dynamics, Boeing and SpaceX. The latest set of stolen Visser files found on DoppelPaymer's official dump site includes a proprietary Lockheed Martin engineering specification document.

"The DOD needs to act quickly to secure its supply chain. Should it not, there will inevitably be more Visser-like breaches which could potentially result in extremely sensitive information being exposed," said Callow, noting that future incidents like this would be relevant to the Department of Defense's forthcoming Cybersecurity Maturity Model Certification (CMMC) program, which, when officially enacted, will verify whether contractors and other members of the Defense Industrial Base have the necessary controls to protect controlled unclassified information (CUI) within the supply chain.

"The CMMC program has not yet been implemented, but incidents such as these demonstrate the need for it to be implemented sooner rather than later," said Callow. "Additionally, consideration should be given as to how to ensure minimum security standards are met in the health care and critical infrastructure supply chains."

SC Media called the Department of Defense's media inquiries desk for comment, but no one answered and there was no opportunity to leave a message.

TechCrunch said it attempted to contact Kimchuk for comment and was apparently included by mistake on an email thread in which the company's chief executive Jim Marquis instructed others within his organization to "not respond." SC Media also reached out to Kimchuk and Visser.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
