Casio hack claimed by Underground ransomware group

Major Japanese electronics manufacturing firm Casio was admitted to have been compromised by the Underground ransomware operation in an attack on Oct. 5, according to BleepingComputer.

Such an intrusion was claimed to have resulted in the exfiltration of troves of data, with Underground exposing confidential, financial, and legal documents, employees' personal and payroll data, non-disclosure agreements, patent and project information, and incident reports purportedly stolen from Casio's systems on its extortion portal. Casio has yet to comment on Underground's assertions. Most of the 17 organizations compromised by Underground since its emergence in July 2023 were in the U.S. Attacks by the ransomware gang were previously reported by Fortinet researchers to have involved the exploitation of the Microsoft Office remote code execution vulnerability, tracked as CVE-2023-36884, before ensuring persistence, halting MS SQL Server operations, and removing shadow copies. Underground then proceeds to expose exfiltrated data on the Mega leak site.