Are Maze operators behind the attack on the IT services giant Cognizant?

IT services giant Cognizant suffered a ransomware attack on Friday, according to BleepingComputer company was hit by the Maze Ransomware crew.

Information technologies services giant Cognizant is the last victim of a ransomware attack, according to BleepingComputer the attack was launched by the Maze Ransomware gang.

Cognizant is an American multinational corporation that provides IT services, it is one of the largest IT managed services company in the world with over $16 billion in revenue.

On Friday, the company sent a security breach notification mail to its clients and shared IoCs related to the threat that affected its systems.

“On Friday, Cognizant began emailing their clients, stating that they had been compromised and included a “preliminary list of indicators of compromise identified through our investigation.” Clients could then use this information to monitor their systems and further secure them.” reported BleepingComputer.

The IOCs provided by the company are associated with past infections attributed to the Maze Ransomware crew, it included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files.

BleepingComputer reached out Maze operators for a comment, but the denied being involved in the attack.

If Maze operators were behind the attack, they likely breached the company network for a long time during which they have stolen credentials and exfiltrated sensitive data.

“It is possible that an attack was conducted but failed to encrypt any devices.” concludes BleepingComputer.

“If the Maze operators conducted this attack, they were likely present in Cognizant’s network for weeks, if not longer.”

Data Breach Notification service UnderTheBreach noticed that on April 11, an operator in the cybercrime underground offered for sale the access to a big enterprise, they speculate the big organizations could be Cognizant.

Since December, the victims of the Maze Ransomware are facing another threat because operators behind the malware threaten them to publish their data online.

The Maze operators have created a “data leak” site that is used to publish stolen data from victims that did not pay the ransom.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Cognizant, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.