Industrial cybersecurity company Dragos has refuted claims made by the cybercrime group BlackCat and Alphv regarding a supposed breach of their systems. The group threatened to disclose executive data if Dragos failed to respond within 24 hours, citing a third-party breach.
Dragos swiftly initiated an investigation following the claims but found no substantiated evidence supporting the hackers’ allegations. Addressing the situation, the company stated its commitment to data protection and the seriousness with which they handle such matters. Dragos emphasized the immediate deployment of internal and external security resources to probe the allegations.
As of now, Dragos has not been directly contacted by the cybercriminals and asserts that their investigation has not uncovered any compromise within their systems. The company assured continued monitoring and investigation into the situation.
This incident isn’t the first time Dragos has faced such unfounded allegations. Previously, the threat actor RansomedVC, which later announced its closure, made contradictory claims involving Dragos, Accenture, and Colonial Pipeline in October. Dragos dismissed these claims as clearly false at the time.
While acknowledging a limited breach in May where a ransomware group accessed threat intelligence reports, a SharePoint portal, and a customer support system, Dragos clarified that this breach was contained. An elaborate extortion scheme, including private messages sent to company executives, ultimately failed.