The Qilin ransomware group has allegedly targeted two American companies, Moser Engineering and SPG Construction LLC, adding them to its dark web leak site. The group has threatened to release the full cache of stolen data unless the companies establish contact. This double attack highlights the persistent and indiscriminate nature of ransomware gangs, targeting vital players in both the manufacturing and industrial construction sectors. The initial leaks include sensitive documents from both companies, suggesting a significant data breach.
Moser Engineering, a prominent manufacturer of high-performance rear-ends, drive-line components, and braking systems for the automotive aftermarket industry, is one of the victims. The company is a key supplier for racers and car enthusiasts. SPG Construction LLC, the second victim, specializes in heavy industrial construction and the implementation of process systems for capital-intensive projects across the United States. It serves major clients in critical sectors such as minerals, food and beverage, and industrial water treatment. The alleged breach could expose proprietary and financial information, posing a risk to the companies’ operations and their clients.
The threat actors have published a sample of the data allegedly exfiltrated from both companies. For Moser Engineering, the leaked files appear to include:
- Financial spreadsheets detailing sales and assets
- Technical drawings and CAD files of components
- Internal merchant billing statements
- Inventory and parts management documents
For SPG Construction LLC, the initial data leak allegedly contains:
- Certificates of liability insurance
- Detailed project blueprints and technical diagrams
- Purchase orders and other financial agreements
- Bank reconciliation statements
- Spreadsheets with project hours and labor costs