In 2023, Indonesia’s Harita Group, a major manufacturing and resource conglomerate, fell victim to a ransomware attack by the MalaLocker group. The assault targeted the company’s Zimbra email servers, leading to the leak of 99,000 emails (510 GB), exposing highly sensitive data related to its nickel and bauxite mining operations, coal activities, and strategic partnerships, including those with Glencore International. The breach not only caused operational disruptions impacting supply chains and financial stability but also raised environmental and corporate governance concerns due to the exposure of internal communications. The incident underscored the vulnerability of manufacturing firms to ransomware, where downtime directly translates into financial losses, reputational damage, and potential regulatory scrutiny. The leaked data included proprietary business strategies, contractual agreements, and operational details, exacerbating risks of competitive disadvantage and legal liabilities.
Source: https://ddosecrets.com/article/harita-group
TPRM report: https://www.rankiteo.com/company/harita-group
"id": "har453092125",
"linkid": "harita-group",
"type": "Ransomware",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': ['manufacturing',
'mining (nickel, bauxite, coal)'],
'location': 'Indonesia',
'name': 'Harita Group',
'type': 'private company'}],
'attack_vector': 'Zimbra servers',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['emails',
'documents (likely PDFs, spreadsheets, '
'internal reports)'],
'number_of_records_exposed': '99,000 emails',
'sensitivity_of_data': 'high (operational, partnership, and '
'environmental data)',
'type_of_data_compromised': ['emails',
'corporate operational data',
'partnership details']},
'date_publicly_disclosed': '2023',
'description': 'In 2023, Indonesia’s Harita Group, a prominent player in the '
'manufacturing sector, was subjected to a ransomware attack by '
'the lesser-known MalaLocker group. The attack targeted Zimbra '
'servers, resulting in the leak of 99,000 emails totaling 510 '
"GB, revealing sensitive information about the company's "
'nickel and bauxite mining operations, coal activities, and '
'partnerships, including with Glencore International. The '
'incident disrupted Harita’s operations and raised concerns '
"about environmental and corporate practices in Indonesia's "
'resource sectors.',
'impact': {'brand_reputation_impact': True,
'data_compromised': ['emails',
'sensitive corporate information (nickel and '
'bauxite mining operations, coal activities, '
'partnerships)'],
'downtime': True,
'operational_impact': True,
'systems_affected': ['Zimbra servers']},
'initial_access_broker': {'high_value_targets': ['Zimbra servers',
'corporate operational '
'data']},
'motivation': ['financial gain',
'data exfiltration',
'operational disruption'],
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'MalaLocker'},
'threat_actor': 'MalaLocker',
'title': 'Ransomware Attack on Harita Group by MalaLocker',
'type': 'ransomware'}