Tesla, SpaceX and Lockheed Martin documents leaked by hackers

A significant portion of the cybersecurity incidents currently recorded are due to some failure or omission of a third party, which ends up affecting many other companies. An American company that works as a supplier to firms such as Tesla and SpaceX has suffered a leak of private business documents belonging to its main customers.

The group of threat actors responsible for this leak is known as DopplePaymer, and has been revealing some confidentiality agreements signed between Visser Precision, the attacked company, and its customers, including both firms led by Elon Musk. In addition, hackers threaten to keep leaking private information unless they receive a payment for an undisclosed amount.

Hours after the rumor began circulating a spokesman for Visser Precision confirmed the incident, mentioning that hackers managed to extract the confidential information. In addition, the spokesman added that the cybersecurity incident is already being investigated and that the firm’s operations are carried out normally.  

It is not yet clear how hackers managed to compromise the company’s networks, although cybersecurity experts consider it highly likely to be a ransomware incident that also involves the theft of sensitive information. When questioned about the nature of the information extracted by hackers, the company’s spokesman only mentioned that, because the investigation is still ongoing, he is not allowed to add more details.

This hacker group has recently gained notoriety due to its involvement in the theft of information from other firms, including Boeing, Lockheed Martin and Blue Origin, a space exploration company owned by billionaire Jeff Bezos. Another firm going through a similar situation is PEMEX, an oil company controlled by the Mexican State.

Ransomware attacks alone are already a considerable threat to companies, although this is an example that everything can get worse. According to the International Institute of Cyber Security (IICS), it is prudent to start wondering whether ransomware attacks should be considered data breaches as well, as sometimes affected companies simply recover their files, without thinking where attackers could also find a way to extract sensitive information from their networks.