A10 Networks confirms data breach after Play ransomware attack

The California-based networking hardware manufacturer ‘A10 Networks’ has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.

A10 Networks specializes in the manufacturing of software and hardware application delivery controllers (ADC), identity management solutions, and bandwidth management appliances, while it also offers firewall and DDoS threat intelligence and mitigation services.

Its customers include Twitter, LinkedIn, Samsung, Uber, NTT Communications, Sony Pictures, Windows Azure, Xbox, Yahoo, Alibaba, China Mobile, Comcast, Deutsche Telekom, Softbank, GE Healthcare, GoDaddy, and Huffington Post.

In an 8-K filing submitted earlier this week, the company says the security incident occurred on January 23, 2023, and lasted for a few hours before its IT team managed to stop the intrusion and contain the damage.

The company's investigation determined that the threat actors managed to gain access to shared drives, deployed malware, and 'compromised' data related to human resources, finance, and legal functions.

Despite the successful network intrusion, the firm says the security incident has not impacted any of its products or solutions and cannot have affected its customers.

“Working with outside experts, the Company has contained the attack within its network and has notified the appropriate law enforcement authorities of the incident,” reads the 8-K filing.

“The Company currently does not expect this incident to have a material impact on its operations.”

The Play ransomware gang added A10 Networks to its extortion site yesterday, threatening to leak the files it stole during the intrusion on Sunday.

The threat actors claim to possess confidential files, including technical documentation, employee and client documents, agreements, and personal data.

The Play ransomware group has become one of the most active players, known for targeting a Microsoft Exchange flaw to gain remote code execution (RCE) and infiltrate victim networks.

The gang has recently compromised the Belgian city of Antwerp, the H-Hotels hotel chain in central Europe, the Arnold Clark car retailer, and the cloud computing services provider Rackspace.