Crook(s) Rex Mundi Attacks and HR Platforms

The platforms of two of the leading Belgian HR companies – and were attacked by crooks last Wednesday. In a series of Twitter messages, a hacker using the name Rex Mundi (@rexmundi14) announced that sensitive information belonging to their users had been stolen and would soon be leaked online. Shortly after that, sensitive user data appeared on the notorious, a service similar to Pastebin.

The Attack
It seems that Rex Mundi contacted the administrators of both platforms, requesting financial compensation in exchange for not releasing the information (consisting of thousands of records). Neither of them met his demands, however, and all the data was leaked last Friday. Currently, the platforms are not functioning, probably due to security maintenance.
The user information held on both platforms was highly sensitive: it consisted of telephone numbers, full addresses, emails, and even national security numbers (Social Security Numbers), tax registration numbers and bank account numbers. More disturbing still, it seems that during registration all of that information was sent to the platforms’ servers without any encryption. Apparently the sites did not use SSL certificates at all. Hopefully, this will be fixed in the coming days when they launch again.
Through the same Twitter account, which seems to have been created exactly for that purpose, Rex Mundi also announced that the security of two more agencies had been breached: Xtra-Interim – an agency for temporary employment (offline at the moment as well) and Novation – a website building company which took part in and creation. Sensitive data was stolen from these two as well, and a ransom of € 5,000 / $ 6,200 was requested.

Who Is Rex Mundi?

This is not Rex Mundi’s first attack, although it seems there are several individuals hiding behind the same name. A tweet from Saturday, however, explicitly stated that the attacks have nothing in common with a similar crook hiding behind the name @Anon_RexMundi.
There is no information about the real identity of the hacker(s), although security specialists think that they might be French-speaking, based on the nature of their targets.

The Aim
The goal of the attacks is purely financial: each time a hacker using a similar name (Rex Mundi, @rexmundi14, @Anon_RexMundi, etc.) performs an attack, a ransom for the stolen information is later requested.
A similar attack happened in June this year against the Domino's Pizza restaurants in Belgium and France. More than 650,000 customer records were taken back then, and a ransom of € 30,000 / $ 37,400 was requested. It’s not clear, however, whether that attack came from the same crook(s).