On Monday 25th of July 2022, the Encevo Group announced that two entities of the group had been victims of a cyber attack that occurred between Friday 22nd and Saturday 23rd of July 2022. The incident involved the customer portals becoming unavailable although, there were no interruptions to the supply of electricity and gas.
A further update posted on Thursday 28th of July 2022 revealed that the initial results of their investigation into the incident indicated that the network intruders had exfiltrated a specific amount of data from the accessed systems. Although the investigation is still ongoing to identify which kind of data has been stolen.
For now, all customers are recommended to reset their online account credentials, which they used for interacting with Encevo and Creos services. Furthermore, if those passwords are the same at other sites, customers should change their passwords on those sites as well.
On Saturday 29th of July 2022, the ALPHV/BlackCat ransomware gang claimed responsibility for conducting a cyberattack against Creos Luxembourg S.A. via their data leak site where they have threatened to publish 180,000 stolen files that are believed to be 150 GB in size and including contracts, agreements, passports, bills, and emails.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.