A threat actor, using the alias “abyss0,” posted claims for the breach on BreachForums, attempting to sell the allegedly stolen data.
400 GB of customer data allegedly stolen
The BreachForum post from abyss0, which has since been deleted from the forum, claimed it possessed 400GB of customers and internal data. The actor put up the entire data for sale, sharing a preview for interested dark web buyers.
The data, abys00 had said, is from Finastra’s Enterprise Service Bus (ESB) and has been exfiltrated via IBM Aspera, a Fast Adaptive Secure Protocol (FASP) based file transfer solution.