Cyber Security News

New Great Morpheus Hacker Group Claims Hacking Into Arrotex Pharmaceuticals And PUS GmbH

A new extortion group named Morpheus has set up a Data Leak Site (DLS) and has stolen data from Arrotex Pharmaceuticals (Australia) on December 12th and PUS GmbH (Germany) on December 20th.

Morpheus offers stolen data for sale on the DLS, requiring buyers to create accounts. While a researcher suggests a link to Hellcat ransomware, there is no definitive evidence of ransomware deployment or any connection between the groups.

Morpheus DLS landing page showing PUS GmbH victim post.

Extortion groups use Data Leak Sites (DLS) to escalate pressure on victims. Initial threats involve public shaming, with the victim’s name and attack details published on the group’s website.

If this fails, the group escalates by releasing proof of data theft, such as screenshots of internal files, sensitive documents, and personally identifiable information. 


A countdown timer is often introduced, implying that all stolen data will be released to the public or on the DLS, either for free or for a fee, once it expires.

Cyjax observes a concerning increase in the emergence of new DLSs in recent years, highlighting the growing significance of this threat vector.

The Morpheus Dark Web Leak Site (DLS) presents a three-tiered access structure. Unregistered users can view the landing page, showcasing a list of compromised organizations, which includes victim descriptions, stolen data samples, and contact instructions for data purchases. 

Unauthenticated users can also access registration and login pages, while account creation necessitates a username, password, and CAPTCHA completion. 

Morpheus Protected Area, visible only after login.

The DLS offers a user-friendly night-mode toggle for improved visibility. Upon authentication, users gain access to two restricted sections: “Protected” and “Chat.” 

The “Protected” area enables users to submit requests for access to sensitive data, potentially including additional samples beyond those publicly displayed on the “Feed” page.

The “Chat” function appears to provide a direct communication channel with the group’s administrators, likely intended to facilitate negotiations regarding payment for the advertised data.

Morpheus claimed to have exfiltrated 2.5TB of sensitive data from Arrotex Pharmaceuticals, a subsidiary of DBH Global Enterprises. The claim followed a previously disclosed cybersecurity incident in which a malicious actor gained unauthorized access to a DBG storage server on August 25, 2024.

Morpheus claims attack against Arrotex Pharmaceuticals

Morpheus published evidence including PII, file trees, and compliance documents, suggesting successful data theft. The data includes confidential documents, recruitment records, partner information, financial data, and business plans, which could be used for extortion, competitive advantage, or other malicious purposes.

On December 20, 2024, the ransomware group Morpheus publicly claimed to have compromised PUS GmbH, a Germany-based electronics manufacturer with an estimated $5 million in revenue. 

Morpheus is alleged to have exfiltrated sensitive data, including employee PII, customer databases, and server configuration files. The group released sample data, including invoices and HTTP server configuration data, to support their claim. 


Aman Mishra
