Last week, we reported that the largest bookstore chain in the United States, Barnes & Noble (over 600 stores in 50 states), which also operates the Nook Digital e-book platform, had been hacked.
The attack took place on October 10, 2020. Afterwards, many users noticed that a number of the company's services were unavailable, and employees reported that a virus had “penetrated” the Barnes & Noble network, first infecting corporate offices and then reaching offline stores, where it disrupted cash registers and interfered with the placing of orders.
As a result, representatives of Barnes & Noble officially confirmed that the company had been subjected to a cyberattack in which cybercriminals gained access to some corporate systems. The company said in a statement that no user billing information was disclosed, but it did not rule out that the hackers gained access to other personal information. The book giant has admitted that email addresses, billing addresses, shipping addresses, and purchase history have likely been compromised.
Now journalists at Bleeping Computer write that a hacker recently contacted them, saying that the hack group Egregor is responsible for this attack. Allegedly, an unnamed hacker gained access to the domain administrator's account, and access to the company's network was then granted to other attackers, who encrypted the network devices.
Egregor is a relatively new threat. This hack group has been active only since mid-September of this year, but it has already made media headlines: last week it announced that it had compromised the largest game developers, Ubisoft and Crytek, and stolen their data, including the source code of the not yet released game Watch Dogs: Legion.
Now the operators of Egregor have confirmed the account of Bleeping Computer's source, saying that they were the ones who hacked Barnes & Noble and stole financial and audit data from the company. On its darknet site, the group published files that were allegedly stolen during the attack.
So far, instead of confidential information, this leak shows only parts of the Windows registry, which were apparently exported from Barnes & Noble servers. While this can be regarded as indirect confirmation that Egregor's operators were indeed involved in the attack, it does not prove that the hackers actually stole any financial documents or other files.
Representatives of Barnes & Noble have not yet commented on the group's statements.