Ethical Hacking News
A major multinational conglomerate has been hit by a massive cyberattack that left it reeling. Johnson Controls has been notifying people affected by the 2023 breach, which was orchestrated by the Dark Angels ransomware gang. The attack forced the company to shut down its IT infrastructure and exposed sensitive corporate data. As companies around the world continue to grapple with the consequences of this attack, it is essential for them to take proactive measures to protect themselves against future breaches.
Johnson Controls, a multinational conglomerate, was hit by a massive cyberattack orchestrated by the Dark Angels ransomware gang in September 2023. The attack forced the company to shut down large portions of its IT infrastructure and affected its operations worldwide and customer-facing systems. The breach resulted in the theft of sensitive data, with estimates suggesting over 27 TB of documents containing corporate data were stolen. The attack was linked to other ransomware groups, including Ragnar Locker, which has been active since 2021. The incident highlights the importance of investing in robust cybersecurity measures and staying up-to-date with the latest threat intelligence. The financial costs associated with such breaches can be significant, with Johnson Controls reporting expenses of $27 million related to incident response and remediation.
Johnson Controls, a multinational conglomerate with operations spanning over 150 countries, has been hit by a massive cyberattack that left it reeling. The breach, which occurred in September 2023, was orchestrated by a group known as the Dark Angels ransomware gang.
According to reports filed with California's Attorney General, an unauthorized actor accessed certain Johnson Controls systems from February 1, 2023, to September 30, 2023, and stole information from those systems. The company, which develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings, employs over 100,000 people worldwide.
The attack forced Johnson Controls to shut down large portions of its IT infrastructure, affecting its operations worldwide and customer-facing systems. The cyberattack was linked to the Dark Angels ransomware group, which has been active since May 2022, targeting organizations worldwide in double-extortion attacks. These attacks involve stealing sensitive data and using it to pressure victims under the threat of publishing it online on their dark web leak site, Dunghill Leaks.
The Linux encryptor used in the Johnson Controls attack was the same as others used by Ragnar Locker ransomware since 2021. The Dark Angels group demands payment for a decryptor and claims to have stolen over 27 TB of documents containing corporate data. In November 2023, Kettering Health confirmed that it had been targeted by the Interlock ransomware gang.
Meanwhile, in June 2025, U.S. officials warned of Iranian cyber threats on critical infrastructure. Additionally, Swiss authorities reported that government data was stolen in a recent ransomware attack. Ahold Delhaize, a Dutch retail giant, also revealed in May 2025 that it had been hit by a massive data breach affecting over 2.2 million people.
The Dark Angels group has made headlines before for its brazen tactics and ability to evade detection. The group's rise to prominence can be attributed to its use of leaked Babuk ransomware source code, which allowed it to deploy Windows and VMware ESXi encryptors on compromised systems. In addition, the group uses a unique Linux encryptor that is similar to those used by Ragnar Locker.
In response to the breach, Johnson Controls has been notifying people affected by the attack. The company stated that expenses related to incident response and remediation had already reached $27 million but expects this amount to increase as the investigation and remediation efforts progress.
The 2023 cyberattack on Johnson Controls serves as a reminder of the ever-evolving threat landscape in the world of cybersecurity. As attackers continue to push the boundaries of what is possible, it is essential for companies like Johnson Controls to stay vigilant and take proactive measures to protect their systems from future breaches.
In recent years, cloud attacks have become increasingly sophisticated, with attackers relying on simple yet effective techniques to breach systems. However, the rise of ransomware groups like Dark Angels has highlighted the importance of investing in robust cybersecurity measures and staying up-to-date with the latest threat intelligence.
The fact that Johnson Controls was targeted by a group as active as Dark Angels suggests that the company's security measures may have been breached or not robust enough to prevent the attack. As the company works to remediate the damage caused by the breach, it is essential for it to take this opportunity to reevaluate its cybersecurity posture and invest in the necessary tools and technologies to protect itself against future threats.
Furthermore, the fact that Johnson Controls has already reported expenses of $27 million related to incident response and remediation highlights the significant financial costs associated with such breaches. As companies like Johnson Controls continue to grapple with the fallout from massive data breaches, it is essential for them to consider the long-term implications of these attacks on their bottom line and reputation.
In conclusion, the cyberattack on Johnson Controls in 2023 serves as a reminder of the ever-present threat of ransomware groups like Dark Angels. As companies around the world continue to grapple with the consequences of this attack, it is essential for them to take proactive measures to protect themselves against future breaches.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Dark-Legacy-of-a-2023-Cyberattack-Johnson-Controls-Massive-Data-Breach-and-the-Rise-of-the-Dark-Angels-Ransomware-Group-ehn.shtml
https://www.bleepingcomputer.com/news/security/johnson-controls-starts-notifying-people-affected-by-2023-breach/
https://www.securityweek.com/johnson-controls-ransomware-attacks-data-theft-confirmed-cost-exceeds-27-million/
https://www.sentinelone.com/anthology/dark-angels-team-ransomware/
https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-darkangels-ransomware
https://www.infosecinstitute.com/resources/malware-analysis/ragnar-locker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
https://www.avertium.com/resources/threat-reports/ragnar-locker-ransomware-attacks-analysis
https://attack.mitre.org/software/S0638/
https://www.sentinelone.com/anthology/babuk/
https://www.forbes.com/sites/daveywinder/2024/07/31/record-breaking-75-million-ransom-paid-to-dark-angels-gang/
https://www.europol.europa.eu/media-press/newsroom/news/ragnar-locker-ransomware-gang-taken-down-international-police-swoop
Published: Tue Jul 1 07:26:56 2025 by llama3.2 3B Q4_K_M
