-
According to cybercriminals who allegedly carried out the attack, DGM, an Israeli IT company, was attacked using ransom software developed by the BQTLOCK group.
-
Cybercriminals claim to have stolen approximately 547 GB of internal company files, and they will be selling the files.
-
As of publishing, DGM has not issued any formal acknowledgment or response to this incident.
DGM, an Israel-based IT solutions company, fell victim to the BQTLOCK ransomware group, which hacked its systems and posted 526 GB of sensitive internal data for sale on a dark web forum.
This incident, which has been reported by a number of threat intelligence organizations, has not been confirmed by DGM as of the publication date.
DGM, an Israeli IT solutions company, is a major hardware reseller for desktops, laptops, servers, printers, networking devices, etc., and they primarily serve businesses and professionals.
According to publicly available company data, they provide complete IT solutions, including network design, server configuration, VPN setup, remote access systems, and they provide ongoing tech support.
The business serves as a complete technology solutions supplier to both large and small businesses throughout Israel.
Details of the Alleged Breach
The BQTLOCK Ransomware group has taken credit for this incident and has been making announcements about the stolen data as well as selling it on various illicit websites or in private marketplaces.
At present, this organization has yet to produce any more specific examples or descriptions as to what they are actually providing. Without these types of details, it has been challenging to gauge how sensitive or valuable the data is likely to be.
Furthermore, we have no confirmation of when the breach occurred, how the hackers accessed the network, or whether the stolen data was protected with encryption. Ransomware groups are increasingly using double extortion, holding company data hostage to demand higher payouts.
Recent high-profile attacks, such as the one impacting 1.5 million individuals at Japan’s Asahi Group, demonstrate the severe scale and downstream consequences these breaches can achieve.
The amount of data filed on the report indicates that there could be a large breach of the system (526 GB).
If this information is accurate, this would not only apply to DGM but to the client infrastructure/system as well, since DGM manages its client’s infrastructure/systems.
Potential Impact
Considering the range of clients DGM serves across its various business sectors (government agencies, educational institutions, banks, the military, and federal organizations), the lack of confirmation at this time raises concerns about the possibility of downstream risk associated with the breach.
This mirrors a troubling trend where breaches at service providers cascade to their clients, as seen recently when Dutch firm Eurofiber’s data breach exposed the information of its French customers on the darknet.
If the stolen data includes internal documents such as network diagrams or user credentials used to access DGM’s systems, it could pose risks not only to DGM but also to other organizations operating in the same industry. Investigators will not know the full extent or impact of the breach until they confirm it or additional data samples emerge.
Status Update As of Today
DGM has not made a public statement confirming that an actual ransomware incident has happened, and they have yet to release further information regarding the involvement of law enforcement.
The company has not activated its internal response protocols, nor has it confirmed whether it has notified any clients potentially affected by the incident. The details may change as more information becomes available or DGM releases an official statement.
