Blue Yonder: Termite ransomware group claims hack from Nov. 2024

Last week, I received information that Blue Yonder had fallen victim to a ransomware attack. As the company probably also offers its services in Germany, I am taking up the case here in the blog. Customers of the company should be prepared to become the target of further attacks.

Who is Blue Yonder?

Blue Yonder Group, Inc. is a US software vendor for supply chain management (SCM), demand chain management and enterprise resource planning (ERP). The company is based in Scottsdale, Arizona. On its website, the provider describes itself as the world's leading digital fulfillment platform and provider of end-to-end supply chain management solutions. Alnatura, for example, is one of the customers that may use its category management solution. DHL and bonprix are also listed as customers, as are Coca-Cola and Philip Morris.

Termite Ransomware infection

On December 6, 2024, I received the following tweet about a cyber incident at Blue Yonder via Hackmanac. The ransomware group Termite has claimed responsibility for the attack on Blue Yonder.

Blue Yonder ransomware attack

The November 21, 2024 ransomware attack on supply chain solutions provider Blue Yonder disrupted the operations of several large enterprise customers, including Starbucks, BIC and Morrisons. The attack affected key supply chain management systems just before Thanksgiving in the US.

Hackmanac writes that Starbucks experienced disruptions to its staff scheduling system while maintaining payroll operations. Lighter and pen manufacturer BIC reported limited shipping delays, while Morrisons struggled with fresh food inventory management issues and had to resort to backup systems to mitigate the impact.

The Termite ransomware group claims to have exfiltrated 680 GB of data. This is said to include databases as well as email lists (over 16,000 entries), various documents (over 200,000), reports and insurance documents. The ransomware group is probably planning to use the captured email lists for future attacks. Customers who have been in contact with Blue Yonder by email should therefore be prepared to become the focus of the Termite ransomware group.
