Clorox security breach linked to group behind casino hacks


Clorox disinfecting wipes for sale at a Walmart Supercenter in Austin, Texas. Clorox said on Oct 4 that the attack significantly reduced sales and profit in the quarter ended in September and continues to affect operations. — AFP

A notorious group of hackers blamed for recent breaches on major US casino companies is also suspected of being behind a recent cyberattack against Clorox Co that has led to a nationwide shortage of its cleaning products.

Officials suspect that “Scattered Spider” is responsible for a breach that Clorox first disclosed in August, according to four people familiar with the situation, who asked not to be identified because the information isn’t public. The same group, known for its so-called social engineering tactics, was tied to attacks on Caesars Entertainment Inc and MGM Resorts International in recent weeks, Bloomberg News previously reported.

Clorox said on Oct 4 that the attack significantly reduced sales and profit in the quarter ended in September and continues to affect operations.

Scattered Spider hackers specialise in targeting call centres and IT help desks, impersonating employees to trick support staff into coughing up information to gain access to accounts. The fallout from their recent attacks has been profound.

At MGM properties, guests couldn’t charge purchases to their rooms, slot machines were shut down and reservation websites weren’t working. The impact on Clorox was arguably much worse.

The company didn’t respond to requests for comment.

However, in a statement on Wednesday, Clorox said fiscal first-quarter net sales will decrease by as much as 28% from a year ago because of the cyberattack, while organic sales – which strip out currency changes, acquisitions and divestitures – are expected to fall as much as 26%. The company had previously forecast organic sales increasing by mid-single digits. In addition, Clorox expects gross margin to be down from the year-ago quarter instead of rising as it had previously thought.

Clorox now sees an adjusted loss of as much as 40 cents a share “as the impact from the cybersecurity attack more than offset the benefits of pricing, cost savings and supply-chain optimization”. Analysts, on average, anticipated profit of US$1.37 a share before the cyberattack was announced.

“Based on its current assessment of the situation, the company expects to experience ongoing, but lessening, operational impacts in the second quarter as it makes progress in returning to normalised operations,” according to the statement. “Clorox is in the process of assessing the impact of the cyberattack on fiscal year 2024 and beyond.”

On Sept 29, Clorox indicated that it was still working to recover from the disruption. “We are ramping up production and working to restock trade inventories,” the company said in a statement. “We are focusing on maximising shipments and restocking trade inventories.”

The company previously disclosed that the attack damaged its information technology systems and caused widespread disruptions in operations. It came at a time when Clorox was already going through an internal restructuring and trying to figure out a path forward following a big sales slump in disinfectants as the pandemic waned. All of Clorox’s US facilities were affected by the cyberattack, and factories remained open despite halting production at some. Employees focused on cleaning, maintenance and training.

While production is ramping up now, the company hasn’t provided an estimate as to how long it may take to restore operations to normal. Clorox is meanwhile at risk of ceding market share to rivals as outages of its products – including cat litter, Hidden Valley salad dressing and Pine-Sol – show up across US retailers. Through Tuesday’s close, Clorox’s shares were off about 17% since the company announced the breach.

Still, many details of the attack remain unknown. For instance, it isn’t yet clear whether the hackers deployed ransomware, a type of malicious software that encrypts files, nor is it clear if the hacking group used social engineering to gain a foothold in Clorox’s network. Clorox said it’s working with the FBI and the investigation is progressing.

Scattered Spider has been known to work with a ransomware gang called ALPHV. In ransomware attacks, hackers demand payment in exchange for a key that unlocks the victim’s files.

Scattered Spider is believed to be comprised of five to six core members, with their ages ranging from 19 to 25 years, according to three of the people familiar with the situation. The group is believed to be operating in the US and UK and is actively being investigated by the FBI, the people said. – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Exclusive-Amazon likely to face investigation under EU tech rules next year, sources say
US natgas producers chase AI-driven surge in power demand to weather low prices
Snowflake shares surge on rosy forecast, AI deal with Anthropic
Digital banks lead profitability gains among Brazilian lenders, says central bank
PayPal fixes outage that affected thousands worldwide
X's former top policy chief takes job with Elon Musk rival, Sam Altman
Alibaba integrates e-commerce platforms into a single business unit
US watchdog issues final rule to supervise Big Tech payments, digital wallets
Nvidia to build AI school in Indonesia, VP says
A Google PC running Android could be in the works

Others Also Read