Security Market Segment LS
Saturday, 06 June 2020 10:58

Global defence group ST Engineering takes second hit from Maze ransomware Featured

Global defence group ST Engineering takes second hit from Maze ransomware Image by Sasin Tipchai from Pixabay

A group of attackers have used the Windows Maze ransomware to breach the systems of the US subsidiary of ST Engineering, a global technology, defence and engineering group specialising in the aerospace, electronics, land systems and marine sectors, for a second time, security sources tell iTWire.

The first attack was on 7 March and the second in May, according to indications on the Maze website. Both attacks were on the systems of VT San Antonio Aerospace which is based in Texas.

ST Engineering is based in Singapore and had 23,000 employees in 2016, according to Wikipedia. The company's revenue in 2019 was S$7.86 billion (A$8.08 billion). Its major owner is Temasek Holdings which holds a 50.15% stake.

The company's website says it has undertaken more than 700 smart city projects in 130 cities. It claims to have carried out projects in the defence, government and commercial segment in more than 100 countries.

In October last year, ST Engineering launched a Cybersecurity Operation Centre As-A-Platform "that delivers customised security operations centre solutions that will result in greater operational efficiency and significant cost savings for customers’ digital assets".

About 1.5 terabytes of data are claimed to have been exfiltrated from ST Engineering by the Maze attackers.

In one leaked document obtained after the first attack, which iTWire has seen, the IT manager for the Texas firm, Michael Daly, has listed the systems and data attacked at the company.

The document says the Maze ransomware infected a number of systems at about 6am on the morning of 8 March.

Daly wrote that the next three days were spent in inspecting and completing data recovery.

"As the infection happened over a weekend, no significant data loss was identified. All systems were fully recovered," he wrote.

The attack was not detected by either McAfee software or Windows Defender. "The only indication that a platform was affected is renamed files and associated 'DECRYPT-FILES.txt' located in the same folder as encrypted files," Daly wrote.

Contacted for comment on Saturday, Ed Onwe, vice-president/general manager of VT San Antonio Aerospace, said: "VT San Antonio Aerospace discovered that a sophisticated group of cyber criminals, known as the Maze group, gained unauthorised access to our network and deployed a ransomware attack.

"At this point, our ongoing investigation indicates that the threat has been contained and we believe it to be isolated to a limited number of ST Engineering's US commercial operations. Currently, our business continues to be operational.

"Upon discovering the incident, the company took immediate action, including disconnecting certain systems from the network, retaining leading third-party forensic advisors to help investigate, and notifying appropriate law enforcement authorities.

"As part of this process, we are conducting a rigorous review of the incident and our systems to ensure that the data we are entrusted with remains safe and secure. This includes deploying advanced tools to remediate the intrusion and to restore systems. We are also taking steps to further strengthen the company's overall cyber security architecture.

"Trust between our company and all of our stakeholders — including our employees, customers and business partners — is core to our culture and business values. We are committed to responding to this incident transparently and proactively, and already have begun notifying potentially affected customers. We will be working with our customers and industry peers to share insights and any lessons learned so that they can learn from our experience."



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.




Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Webinars & Events