Acer Confirms Breach as Hacker Begins To Sell Stolen IP for Monero


Taiwanese electronics maker Acer confirmed it suffered a data breach that compromised intellectual property, among other data. The breach occurred in mid-February 2023; the company confirmed it this week after the hacker began selling the compromised data on an underground forum.

Acer, the world’s sixth-largest PC maker, lost what seems to be a treasure trove of company data, including over 2,869 files and 655 directories totaling approximately 160 gigabytes. The threat actor, nicknamed Kernelware, broke into a server hosting private documents that was used by technicians.

However, the company said customer data remains unaffected. “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” Acer told multiple publishers.

Kernelware’s post on BreachForums claims they are selling Acer’s confidential slides/presentations, technical manuals used by company staff, Windows Imaging Format files, multiple binaries, backend infrastructure information, confidential product documents, etc.

“While most data thefts we hear about include personally identifiable information or financial information, intellectual property is also high on the attackers’ list. It is just as important to protect file servers and storage platforms as it is for databases,” Dror Liwer, co-founder of cybersecurity company Coro, told Spiceworks.

“The main issue is that to adequately protect servers and file systems, more than one security tool needs to be deployed, adding to the complexity and resulting in potential blind spots that elude the security team.”

Kernelware added that they also compromised, stole, and are selling Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components and ROM files. “honestly there’s so much sh*t that it’ll take me days to go through the list of what was breached lol,” Kernelware wrote.

BreachForums Post by Kernelware on Acer Breach | Source: SecurityWeek

Erich Kron, security awareness advocate at KnowBe4, told Spiceworks, “Not all data breaches need to contain personal information about customers or employees, or financial information such as credit cards, to be a concern. In this case, Acer is potentially looking at the release of some of its intellectual property and potentially sensitive company documents.”

With this kind of proprietary information out in the open, there is a lot at stake for Acer, which was previously targeted twice in 2021, first by the REvil ransomware gang and later by the Desorden Group.

“Organizations spend a lot of time and money developing proprietary procedures and processes, as well as technical information about their products. In the very competitive world of electronics and technology, this information can be very valuable to competitors, and the technical information may be very valuable to bad actors wishing to create exploits targeting the victims’ products,” Kron added.

“Stolen sensitive information like this highlights the need for strong Data Loss Prevention (DLP) controls and controls related to the protection of sensitive information in general. Once this information is leaked, there is no getting it back, so it is wise for organizations to invest in preventative measures and controls to stop it before it happens.”

“Since the majority of data breaches begin with the human element, either through email phishing or misconfigurations, it makes sense to invest in user education and training related to spotting and reporting phishing emails, and to ensure that processes and procedures related to the securing of sensitive information are effective and being followed.”

Kernelware is looking to sell the compromised data for payment in Monero cryptocurrency.

Surfshark data indicates that data breaches in Q1 2023 are 94.09%, 96.56%, and 73.62% lower than in the first quarter of 2020, 2021, and 2022, respectively.
