Hitachi Vantara

Hitachi Vantara, a managed service provider, was targeted by the Akira ransomware group, which systematically compromised high-value infrastructure providers. The attack involved stolen credentials and vulnerability exploitation, leading to data theft and encryption. The ransomware operators disabled security software to establish persistence and used legitimate tools to evade detection. The attack disrupted services and potentially exposed sensitive client data, amplifying the risk of financial and reputational damage.

Source: https://cybersecuritynews.com/akira-and-lynx-ransomware/

TPRM report: https://www.rankiteo.com/company/hitachi-vantara

"id": "hit355080725",
"linkid": "hitachi-vantara",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Technology',
                        'name': 'Hitachi Vantara',
                        'type': 'Managed Service Provider'},
                       {'industry': 'Technology',
                        'name': 'Toppan Next Tech',
                        'type': 'Managed Service Provider'},
                       {'industry': 'Media',
                        'location': 'Chattanooga, Tennessee',
                        'name': 'CBS affiliate television station',
                        'type': 'Media Organization'}],
 'attack_vector': ['Stolen credentials',
                   'Vulnerability exploitation',
                   'Phishing'],
 'data_breach': {'data_encryption': 'Yes',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information',
                                              'Payment Information']},
 'description': 'Two sophisticated ransomware operations, Akira and Lynx, have '
                'emerged as significant threats to managed service providers '
                '(MSPs) and small businesses. These groups deploy advanced '
                'attack techniques combining stolen credentials with '
                'vulnerability exploitation, compromising over 365 '
                'organizations.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Yes',
            'identity_theft_risk': 'High',
            'operational_impact': 'High',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'entry_point': ['Stolen credentials',
                                           'Vulnerability exploitation'],
                           'high_value_targets': ['Managed Service Providers',
                                                  'Law firms',
                                                  'Accounting firms',
                                                  'Construction companies']},
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': ['Stolen credentials',
                                            'Vulnerability exploitation']},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': ['Akira', 'Lynx']},
 'references': [{'source': 'Acronis'}],
 'threat_actor': ['Akira ransomware group', 'Lynx ransomware group'],
 'title': 'Ransomware Attacks by Akira and Lynx Groups on MSPs and Small '
          'Businesses',
 'type': 'Ransomware'}