TELUS Digital, a large multinational IT services firm based in Canada, has suffered a major breach after being compromised by ShinyHunters, a notorious data-theft and extortion group. While the company initially downplayed the attack, ShinyHunters claim to have stolen over 700 terabytes of data. The group also says the data is highly sensitive, including source code, background checks, call records, and other critical information.
About Telus Digital & ShinyHunters
Telus Digital is a subsidiary of Telus Corporation, a Canadian telecommunications conglomerate. The company has pivoted its focus toward AI technologies, handling backend IT for large corporations and organizations. This includes call center management, AI data management and analysis, along with providing other IT services such as app development and, ironically, security. Some of their biggest customers include Google, Meta, and even the Canadian government.
ShinyHunters, on the other hand, is a cybercriminal group that has been known since 2019 for large-scale data-theft and extortion campaigns against major companies. Unlike a classic ransomware crew, it rarely encrypts anything: it steals data and threatens to leak it. More recently the group has collaborated with Scattered Spider, the crew behind the 2023 attacks on Las Vegas casino operators MGM Resorts and Caesars Entertainment, which resulted in stolen source code and company data and a roughly $15 million ransom paid by Caesars.
Making Headlines
Rumours about this massive breach have been circulating since January, after BleepingComputer was tipped off about it; Telus was already investigating at the time. Sometime in February, ShinyHunters began extorting the company, demanding $65 million. The major headlines only started appearing recently, after the threat actors contacted Reuters and first claimed to have stolen over 700 terabytes of data. The group also claims to hold data belonging to 28 major international companies.
ShinyHunters Statements
In conversations with both Reuters and BleepingComputer, ShinyHunters has made several claims about the breach that cannot yet be fully confirmed. The group said the breach was enabled by Google Cloud Platform credentials discovered in data stolen during the Salesloft Drift breach, the earlier campaign in which stolen Drift OAuth tokens were used to pull customers' Salesforce records, and secrets that employees had pasted into support cases and CRM notes came along with them. According to the group, they used these credentials to access multiple systems, then pivoted to other methods and attack vectors to gain further access.
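The claimed entry point, credentials sitting inside exported SaaS data, is the part of this story a defender can act on. The scanner below is an added example, not code from the original article or from TELUS Digital: it searches a text dump for Google service-account key files (the JSON blob with `"type": "service_account"` and an embedded PEM private key) and for `AIza...` API keys, reports where each was found, and emits the `gcloud` command to revoke each service-account key. The export it scans is constructed for the example, and every key value in it is fake.

```python
import json
import re

# Constructed sample of the kind of support/CRM export the article describes.
# The service-account key and the API key below are fabricated placeholders.
FAKE_SA_KEY = {
    "type": "service_account",
    "project_id": "example-prod",
    "private_key_id": "0123456789abcdef0123456789abcdef01234567",
    "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE-KEY-MATERIAL\n-----END PRIVATE KEY-----\n",
    "client_email": "etl-runner@example-prod.iam.gserviceaccount.com",
}

SAMPLE_EXPORT = "\n".join([
    "case 1001 | Onboarding | Pasting the SA key so the pipeline works: " + json.dumps(FAKE_SA_KEY),
    "case 1002 | Maps widget | Browser key for the widget is AIzaSyA0123456789abcdefghijklmnopqrstuv",
    "case 1003 | Billing | No secrets here, just a question about invoices.",
])

# A service-account key file is a flat JSON object, so a brace-delimited blob
# that contains "type": "service_account" is a strong candidate.
SERVICE_ACCOUNT_JSON = re.compile(r'\{[^{}]*"type"\s*:\s*"service_account"[^{}]*\}', re.DOTALL)
# Google API keys are 39 characters: the fixed prefix "AIza" plus 35 more.
GCP_API_KEY = re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")


def _line_of(text, offset):
    """1-based line number of a character offset, for the report."""
    return text.count("\n", 0, offset) + 1


def find_gcp_credentials(text):
    """Return a list of findings; secrets themselves are never copied into the output."""
    findings = []
    for m in SERVICE_ACCOUNT_JSON.finditer(text):
        try:
            key = json.loads(m.group(0))
        except json.JSONDecodeError:
            continue  # looked like a key file but is not valid JSON
        findings.append({
            "kind": "service_account_key",
            "project_id": key.get("project_id"),
            "client_email": key.get("client_email"),
            "private_key_id": key.get("private_key_id"),
            # Only a blob carrying the PEM body lets an attacker mint tokens.
            "has_private_key": PEM_PRIVATE_KEY.search(key.get("private_key", "")) is not None,
            "line": _line_of(text, m.start()),
        })
    for m in GCP_API_KEY.finditer(text):
        # Browser keys for services such as Maps are often intentionally public
        # but should be restricted by referrer and API; still worth a review.
        findings.append({
            "kind": "api_key",
            "value_prefix": m.group(0)[:8] + "...",
            "line": _line_of(text, m.start()),
        })
    return findings


def revocation_commands(findings):
    """gcloud commands that delete the leaked service-account keys.

    API keys are addressed by resource name rather than key string, so they are
    left to be looked up and deleted through the API Keys service separately.
    """
    cmds = []
    for f in findings:
        if f["kind"] == "service_account_key" and f["private_key_id"] and f["client_email"]:
            cmds.append(
                f"gcloud iam service-accounts keys delete {f['private_key_id']} "
                f"--iam-account={f['client_email']}"
            )
    return cmds


if __name__ == "__main__":
    hits = find_gcp_credentials(SAMPLE_EXPORT)
    for h in hits:
        print(h)
    for cmd in revocation_commands(hits):
        print(cmd)
```

Run this over whatever your SaaS vendors hand back in an export (Salesforce case bodies, Drift transcripts, ticketing attachments) before a breach notification forces the question; a hit means the key must be rotated, not merely deleted from the record, because the copy that matters is the one already in someone else's hands.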
As of now, the group claims to have stolen roughly 1 petabyte of data. They also shared with BleepingComputer the names of 28 companies, all customers of Telus, that were allegedly impacted by the breach. ShinyHunters is now threatening to publish the data if the company does not pay its $65 million ransom demand.
Telus Responds
Just days after the Reuters article about the breach, Telus Digital created a page on its website addressing the incident. The company confirmed the cybersecurity incident, stating that the attackers had access to a "limited number of systems." It also said that operations remain completely normal and have not been impacted, and that investigations are still ongoing. If ShinyHunters' account of the scale is accurate, such a limited statement significantly understates the attack.
Conclusion
As of now, the true extent and contents of the breach cannot be confirmed, but if ShinyHunters' claims are accurate, Telus Digital is significantly downplaying it. The saga appears to have been running for months and is likely to continue, as the group keeps threatening the company, which has refused to pay. Time will reveal the full scope of the breach and whether the data is eventually published on the group's leak channels.