The ‘BlackSuit’ hacking group responsible for the CDK cyberattack targeting U.S. car dealers

A recent hack into software maker CDK Global has caused disruptions at auto dealerships across the U.S., highlighting the increasing threat of ransom-demanding cybercriminals targeting big companies through their software suppliers. This article will delve into the details of the CDK hack and explore the group believed to be behind it, known as BlackSuit. With limited information available on BlackSuit, we will discuss their operations, targets, and the impact of their attacks on organizations worldwide.

BlackSuit is a relatively new cybercriminal group that emerged in May 2023. Analysts believe it is a spin-off of the well-known Russia-linked hacking group named RoyalLocker, which mainly targeted American companies. While RoyalLocker was considered a formidable group, BlackSuit is not as aggressive and has a smaller number of victims listed on its data leak site compared to other ransomware gangs. Most of BlackSuit’s victims have been in the U.S., followed by the U.K. and Canada, spanning various sectors.

According to security firm Recorded Future, BlackSuit has breached at least 95 organizations worldwide, with a focus on American organizations in sectors such as industrial goods and education. However, the actual number of victims is believed to be higher. Russian-speaking threat actors affiliated with BlackSuit have been seen in underground forums soliciting partnerships that would provide access to companies, an indication that the threat is growing.

BlackSuit employs a tactic known as “double extortion,” where it steals sensitive data from victim organizations, encrypts their systems, and threatens to leak the information unless a ransom is paid. The group also provides support to smaller partner groups, known as “affiliates,” by offering hacking infrastructure and resources to pressure victims into paying. This approach adds a layer of complexity to their operations and underscores the evolving nature of cyber threats.

The recent CDK Global hack, believed to be the work of BlackSuit, has disrupted operations at numerous auto dealerships in the U.S., forcing them to resort to manual processing of transactions. This incident underscores the critical importance of securing software supply chains and enhancing cybersecurity measures to mitigate the risk of such attacks. Organizations must remain vigilant and prioritize cybersecurity to protect sensitive data and prevent financial losses associated with ransomware attacks.

In conclusion, the emergence of groups like BlackSuit highlights the evolving threat landscape faced by organizations worldwide. With their focus on double extortion and targeted attacks, cybercriminals are becoming increasingly sophisticated in their tactics. It is essential for businesses to invest in robust cybersecurity measures, conduct regular security assessments, and educate employees on best practices to defend against cyber threats. By staying informed and proactive, companies can reduce their vulnerability to ransomware attacks and safeguard their operations from potential disruptions.
