Digital Trends

HellCat hackers go on a worldwide Jira hacking spree – BleepingComputer

HellCat hackers focus on breaching Jira servers worldwide
Swiss global solutions provider Ascom has confirmed a cyberattack on its IT infrastructure as a hacker group known as Hellcat targets Jira servers worldwide using compromised credentials.
The company announced in a press release that hackers breached its technical ticketing system on Sunday and that it is currently investigating the incident.
Ascom is a telecommunications company with subsidiaries in 18 countries focusing on wireless on-site communications.
The HellCat hacking group claimed the attack and told BleepingComputer that they stole about 44GB of data that may impact all of the company’s divisions.
Ascom says that the hackers compromised its technical ticketing system, the incident had no impact on the company’s business operations, and that customers and partners do not need to take any preventive action.
“Investigations against such criminal offenses were initiated immediately and are ongoing. Ascom is working closely with the relevant authorities” – Ascom
Rey, a member of the HellCat hacking group, told BleepingComputer that they stole from Ascom source code for multiple products, details about various projects, invoices, confidential documents, and issues from the ticketing system.
The Swiss company did not provide technical details about the breach, but targeting the Jira ticketing system has become a common attack method for the HellCat hackers.
Jira is a project management and issue-tracking platform commonly used by software developers and IT teams to track and manage projects. The platform often contains sensitive data, such as source code, authentication keys, IT plans, customer information, and internal discussions related to these projects.
Previous incidents claimed by HellCat and confirmed by the targeted companies include Schneider Electric, Telefónica, and Orange Group, and in all three instances the hackers breached their way in through Jira servers.
Recently, the same hackers also took responsibility for an attack on the British multinational car maker Jaguar Land Rover (JLR), stealing and leaking about 700 internal documents.
As the threat actor describes it, the leak includes “development logs, tracking data, source codes” and an employee’s data that exposed “sensitive information such as username, email, display name, timezone, and more.”
Alon Gal, co-founder and CTO at threat intelligence company Hudson Rock, says the JLR breach follows a pattern specific to HellCat hackers.
“At the heart of this latest incident lies a technique that has become HELLCAT’s signature: exploiting Jira credentials harvested from compromised employees that were infected by Infostealers” – Alon Gal
The researcher said that the JLR incident was made possible by the credentials of an LG Electronics employee who had third-party credentials to JLR’s Jira server.
Gal highlights that the compromised credentials were not fresh and had been exposed for several years but remained valid all this time, allowing hackers to take advantage.
HellCat’s activity didn’t stop at these breaches, as the threat actor announced today that they compromised the Jira system of Affinitiv, a marketing company that provides a data analytics platform for OEMs and dealerships in the automotive industry.
The threat actor confirmed to BleepingComputer that they breached Affinitiv through a Jira system and disclosed publicly that they stole a database with a little over 470,000 “unique emails” and more than 780,000 records.
When contacted by BleepingComputer about the alleged attack, Affinitiv said that they had begun an investigation.
To prove the breach, hackers published two screenshots with names, email addresses, postal addresses, and dealership names.
Alon Gal is warning that Jira “has become a prime target for attackers due to its centrality in enterprise workflows and the wealth of data it houses” and this type of access can be used to “move laterally, escalate privileges, and extract sensitive information.”
As credentials collected by infostealers are easy to find and given that some of them remain unchanged for years as companies fail to include them in a regular rotation process, such attacks will likely become more frequent.
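The rotation gap described above can be audited by comparing each account's last password change with the date its credential appeared in an infostealer log. The following is an added example, not part of the original article; the account inventory, exposure feed, field names and the 365-day policy are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Account:
    username: str
    password_changed: date  # last password change, e.g. from the identity provider
    third_party: bool       # account held by an external partner or contractor

# Constructed sample inventory (hypothetical export, not real data).
ACCOUNTS = [
    Account("a.meier", date(2021, 3, 2), False),
    Account("ext.partner01", date(2020, 6, 15), True),
    Account("j.dupont", date(2025, 1, 20), False),
    Account("ext.vendor07", date(2019, 11, 5), True),
]

# Constructed exposure feed: username -> date the credential showed up in an infostealer log.
EXPOSURES = {
    "a.meier": date(2022, 8, 1),
    "ext.partner01": date(2021, 9, 30),
    "j.dupont": date(2024, 12, 1),
}

MAX_PASSWORD_AGE_DAYS = 365  # assumed rotation policy
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

def audit(accounts, exposures, today):
    """Return (username, severity, reason) tuples, most urgent first."""
    findings = []
    for acct in accounts:
        exposed = exposures.get(acct.username)
        age_days = (today - acct.password_changed).days
        if exposed is not None and acct.password_changed <= exposed:
            # No password change since the leak: the stolen credential still works.
            severity = "critical" if acct.third_party else "high"
            findings.append((acct.username, severity,
                             f"password unchanged since exposure on {exposed}"))
        elif age_days > MAX_PASSWORD_AGE_DAYS:
            # Not known to be exposed, but outside the rotation policy.
            findings.append((acct.username, "medium",
                             f"password is {age_days} days old"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[1]])

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, EXPOSURES, date(2025, 3, 18)):
        print(*finding, sep="\t")
```

Third-party accounts are ranked highest here because, as in the JLR case, they sit outside the owning company's own rotation process.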

This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
