Stock in the Channel (STIC)

Stock in the Channel (STIC), a UK-based multinational offering a digital platform for IT stock availability and pricing across 34 distributors, suffered a **ransomware attack** by a sophisticated criminal group. The attackers exploited a **zero-day vulnerability** in a third-party application, causing **extensive infrastructure damage** and forcing a **website outage**. While the company states **no evidence of a data breach** exists and critical data has been recovered, its **60,000+ registered users** (including 25,000+ customers across 22 countries) faced disrupted access to real-time stock and pricing data. The platform, which functions as a stock search engine for resellers and managed service providers, remains **partially operational**, with potential inaccuracies in listings. Email and phone services were unaffected, but the **outage halted core operations**, impacting transactions and business continuity for users reliant on the platform for IT hardware procurement and sales. The company has not confirmed whether a ransom was demanded or paid.

Source: https://www.theregister.com/2025/08/14/stock_in_the_channel_pulls/

TPRM report: https://www.rankiteo.com/company/stock-in-the-channel

"id": "sto308081425",
"linkid": "stock-in-the-channel",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Technology (IT Stock Availability Tools)',
                        'location': 'UK (operates in 22 countries: Europe, '
                                    'North America, Australia)',
                        'name': 'Stock in the Channel (STIC)',
                        'size': '60,000+ registered users, 25,000+ registered '
                                'customers',
                        'type': 'Multinational Corporation'}],
 'attack_vector': 'Exploitation of a zero-day vulnerability in a third-party '
                  'application',
 'customer_advisories': ['Public website statement about partial service '
                         'restoration and potential data inaccuracies'],
 'date_detected': '2023-11-XXTlate_evening (exact date not specified, assumed '
                  "recent based on 'Tuesday evening' and 'Wednesday' "
                  'references)',
 'date_publicly_disclosed': '2023-11-XX (next morning after the attack, as per '
                            "'From early this morning, the company's website "
                            "says...')",
 'description': 'A UK-based multinational tech stock availability tool '
                'provider, Stock in the Channel (STIC), experienced a '
                'ransomware attack on Tuesday evening. The attackers exploited '
                'a zero-day vulnerability in a third-party application, '
                "causing extensive damage to the company's infrastructure. The "
                'website remains partially operational, with stock and price '
                'data potentially outdated. As of now, there is no evidence of '
                'a data breach, and critical data has been recovered. The '
                'company serves over 60,000 registered users and 25,000 '
                'customers across 22 countries, primarily managed service '
                'providers and resellers.',
 'impact': {'data_compromised': 'No evidence of data breach (as of current '
                                'reports)',
            'downtime': 'Since Tuesday evening (ongoing partial outage as of '
                        'Wednesday)',
            'operational_impact': ['Website outage',
                                   'Stock and price data potentially outdated',
                                   'Partial service restoration'],
            'systems_affected': ['Website',
                                 'Servers',
                                 'Infrastructure (extensive damage)']},
 'initial_access_broker': {'entry_point': 'Zero-day vulnerability in a '
                                          'third-party application'},
 'investigation_status': 'Ongoing (as of Wednesday, no further updates)',
 'post_incident_analysis': {'root_causes': ['Exploitation of zero-day '
                                            'vulnerability in third-party '
                                            'application']},
 'ransomware': {'data_encryption': True},
 'references': [{'date_accessed': '2023-11-XX (assumed recent)',
                 'source': 'The Register',
                 'url': 'https://www.theregister.com/'},
                {'date_accessed': '2023-11-XX (as of the incident)',
                 'source': 'Stock in the Channel (STIC) Website Statement',
                 'url': 'https://www.stockinthechannel.com/'}],
 'response': {'communication_strategy': ['Public statement on website',
                                         'Sales team directed to wait for '
                                         'official management comment'],
              'containment_measures': ['Working around the clock to repair '
                                       'infrastructure',
                                       'Partial service restoration'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Restoring normal operation (ongoing)'],
              'remediation_measures': ['Recovery of critical data'],
              'third_party_assistance': ['Tigren (website and app development '
                                         'company, previously worked on '
                                         'infrastructure)']},
 'threat_actor': 'Sophisticated group of criminal hackers (unspecified)',
 'title': 'Ransomware Attack on Stock in the Channel (STIC)',
 'type': ['Ransomware Attack', 'Cyber Attack'],
 'vulnerability_exploited': 'Zero-day vulnerability in a third-party '
                            'application (unspecified)'}