BlackSuit: the renewed madness of grandeur of Conti alumni?


On June 8, Japanese conglomerate Kadokawa suffered a cyberattack that rendered several of its websites inaccessible, including the official website and online service platforms NicoNico and Ebten.

Development studio FromSoftware, which is behind Elden Ring, is also owned by Kadokawa, but the impact of the cyberattack on its business has not been specified.

Ten days later, CDK, a software provider for car dealerships, also suffered a cyberattack that required the shutdown of most of its systems. At the time of publication, the impact on the activity of car dealers across the Atlantic remains considerable; it should be noticeable in the new vehicle registration figures for June. And the restoration of the systems still appears far from complete.

On June 22, the National Health Laboratory Service (NHLS) in South Africa was hit by a ransomware cyberattack. The NHLS systems were rendered inaccessible and the laboratories operated in manual mode, with test results communicated by telephone.

What do these cyberattacks have in common? Extensive impacts and the same culprit: the BlackSuit group. It claimed responsibility for the attack on Kadokawa on June 27, announcing the disclosure of 1.5 TB of stolen data for July 1.

Anonymous sources confirmed to our colleagues at Bleeping Computer BlackSuit’s involvement in the cyberattack against CDK. On Sunday, NHLS CEO Koleka Mlisana publicly blamed BlackSuit for the attack. This is not BlackSuit’s first victim in the healthcare sector: on April 15, the attack on Octapharma Plasma, operator of more than 150 blood plasma donation centers in the United States, was attributed to BlackSuit, which claimed responsibility on April 23.

The first known victims of this brand date back to June 2023, but they began to multiply from last November. To date, there are just under a hundred claims.

Last fall, the US Cybersecurity and Infrastructure Security Agency (CISA) suspected as much, and was not alone: “there are indications that Royal is preparing a rebranding effort and/or a spinoff”. In their sights, BlackSuit, which “shares several similar code characteristics with Royal”.

Royal is the group involved in the cyberattack that hit the city of Lille in late February 2023. Its origins were in a franchise discovered in January 2022 and named Zeon. None of its victims are publicly known.

Yelisey Bohuslavskiy of RedSense believes that BlackSuit is an offshoot of the late Conti’s second team, having chosen to open up and decentralize, recruiting attackers (or pentesters, according to the jargon in force in the world of cybercrime) at LockBit, Akira (another offshoot of Conti) and BlackCat.

According to him, in March, a split took place at BlackSuit, giving rise to another Royal spin-off, BlackSpade. This subgroup is believed to be responsible for the attacks on Octapharma Plasma and CDK.
