Xerox Business Solutions confirms intrusion

In a recent development, Xerox has officially acknowledged a cyber intrusion into the systems of its US subsidiary, Xerox Business Solutions (XBS). This revelation comes a week after the INC Ransom group claimed responsibility for breaching XBS and extracting sensitive data, including financial documents and emails. This article delves into the details of the attack, its potential impact, and the evolving dynamics of the cybersecurity landscape.

INC Ransom publicly disclosed its attack on XBS on December 29, 2023, highlighting the breach on its online leak blog. The leaked data reportedly included a variety of confidential files, prompting concerns about the compromise of financial information and private emails.

Xerox, in its official statement, confirmed the "security incident" and clarified that it was confined to XBS in the US. The company assured stakeholders that the breach had no impact on Xerox's corporate systems, operations, or data. Additionally, Xerox stated that it is actively collaborating with third-party cybersecurity experts to conduct a comprehensive investigation and enhance the security of the XBS IT environment.

Xerox acknowledged the possibility of "limited personal information" being compromised. The company emphasized its commitment to data privacy and protection, assuring affected individuals that notifications would be issued in accordance with their policies.

Delving into the group responsible, INC Ransom. They are a relatively new player in the threat landscape operating since July 2023. They use a double extortion model, this involves not only encrypting the victim's data but also publicly disclosing sensitive information to expedite ransom negotiations. The removal of the post related to the XBS attack suggests potential re-engagement between XBS and INC Ransom, possibly indicating negotiations for the removal of the stolen data from public view.

This is not the first time Xerox has faced a cybersecurity threat. In 2020, the Maze gang claimed responsibility for a ransomware attack on Xerox, alleging the theft of over 100GB of data.