Their security contractor, Johnson Controls, might have “compromised sensitive physical security information such as DHS floor plans.” The Department of Homeland Security is feeling really insecure because hackers hit the “alarm and building automation system giant” so hard that nobody knows the extent of the damage yet.
DHS headquarters exposed
DHS officials are scrambling to find out how much data was exfiltrated from Johnson Controls. They’re advising Alejandro Mayorkas to work from home because assassins might have a map to his office.
The company was founded in Milwaukee but has it’s corporate headquarters in Cork, Ireland. They manufacture “industrial control systems, security systems and HVAC equipment.” It’s been reported that “a threat actor encrypted many company devices, including VMware ESXi servers.”
CNN is reporting that they were victim of a ransomware attack but nobody is saying a word beyond what was released in the official statement. Senior officials “are working to determine” the extent of the breach. Meaning they hope it isn’t as bad as they fear.
I am so happy to be mentioned by @BleepinComputer in the report related to the ransomware attack by the Dark Angels team on Johnson Controls company.
For more information, click here: https://t.co/H0SjdIpV5U pic.twitter.com/H7l6JfUPEW— Gameel Ali ???? (@MalGamy12) September 27, 2023
It turns out that Johnson Controls “holds classified/sensitive contracts” for the department “that depict the physical security of many DHS facilities.”
The looming shutdown has them even more insecure. It could go into effect as early as Sunday morning. That makes tracking down the cyber intruders and controlling the damage “especially time sensitive.”
They don’t even know “which DHS offices might be affected by the attack,” an internal memo admits.
Don’t know full impact
“Until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers,” the internal memo reveals.
They also added that it’s “unclear if the cybercriminal hackers accessed that information.” The FBI doesn’t have a clue.
“We do not currently know the full extent of the impact on DHS systems or facilities.” All the public knows is that the “cyberattack hit Johnson Controls in the last week, causing disruptions to internal IT systems and knocking some of the company’s subsidiary websites offline.” If there is a ransom, the company doesn’t plan to pay it.
Today Johnson Controls, an ICS/SCADA vendor, confirmed they were a victim of Dark Angels ransomware group.
Dark Angels claims to have have exfiltrated 27TB of sensitive data from Johnson Controls
We are unfamiliar with Dark Angels ransomware group. pic.twitter.com/I28yddzIqB
— vx-underground (@vxunderground) September 27, 2023
That means the hack is “expected to continue to cause disruptions to some of Johnson Controls’ business operations.” It’s so bad that they had to alert the U.S. Securities and Exchange Commission on Wednesday, September 27.
Meanwhile, Johnson Controls has hired “external cybersecurity experts” to recover from the “cybersecurity incident,” and is in touch with its insurers. That announcement sent Mayorkas into hiding.
“Company spokesman Trent Perrotto declined to comment when CNN asked what DHS data the company stores and whether sensitive physical security information was compromised in the cyberattack.“
