Related Articles
Britain’s Royal Mail is investigating after a crew calling itself GHNA claimed it has put 144GB of the delivery giant’s data up for sale, perhaps after acquiring it with the same stolen credentials it used to crack Samsung Germany.
“We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail,” the UK operation told The Register. Spectos GmbH is a German supplier of logistics management tools and services.
“We are working with the company to investigate the issue and establish what impact there may be regarding their data. We can confirm there has been no impact on Royal Mail operations and services continue to function as normal,” the postal org told us.
GHNA on Monday used the notorious BreachForums site to claim it had pilfered 293 folders and 16,549 files from Royal Mail Group. The data is said to include names, phone numbers, and physical addresses of senders and recipients, plus details about packages. The stolen haul also apparently includes a Mailchimp mailing list, an SQL database that appears to store the WordPress implementation tied to the website mailagents.uk, and recordings of Zoom chats between Royal Mail and Spectos.
Infosec outfit Hudson Rock CTO and its co-founder Alon Gal think the allegedly stolen data came from a Raccoon infostealer infection – Windows malware that exfiltrates info from compromised systems – that hit Spectos in 2021 and yielded at least one set of employee account credentials.
GHNA’s post about its alleged Royal Mail haul states it is “courtesy of Spectos, again.”
Hudson Rock’s Gal thinks it’s likely the same login credentials were used to break into Samsung Germany. That is to say, whichever miscreant logged into Spectos using the compromised credentials to extract Royal Mail data, also took Samsung files, too, or so it’s claimed.
We are aware of an incident which is alleged to have affected Spectos, a supplier of Royal Mail
The Samsung incident saw GHNA again claim it had stolen information, in this case 270,000 customer service tickets. The data allegedly spans multiple years but includes a large number of entries dated 2025.
The swiped records apparently include people’s full names, physical and email addresses, the model numbers of their hardware, payment details, and communications between Samsung and its German punters.
Hudson Rock warned that analysis of the stolen datasets could allow cybercrims to find and defraud or rob future victims.
Samsung’s data, for example, apparently includes purchase records that mention home addresses – a combo that could allow criminals to pinpoint owners of pricey electronics. The same is true for Royal Mail customers, thanks to the leak apparently containing order histories that could allow crooks to analyze where big spenders reside. The allegedly stolen data could therefore fuel a real-world break-in.
Spectos and Samsung had no comment at the time of writing. ®
Source link
