Data files belonging to Japanese technology giant Fujitsu are now being sold by a threat actor known as Marketo on the dark web.

While previously Fujitsu believed that the data stolen and posted for sale by the cybercriminal group was related to its own systems, it has now stated that the material appears to be related to the tech company’s customers.

Fujitsu data exposed

A post dated August 26 on Marketo’s dedicated leak site saw the gang boast that it was in possession of four gigabytes of stolen information and was making it available to buy. The gang offered sections of the content and claimed it had private customer data, company files, private reports, budget information and other sensitive Fujitsu documents, including information on specific projects.

While initially Marketo’s leak site stated it had already received 280 bids made for the data, this figure later plummeted to 71.

A statement by Fujitsu played the incident down and denied any connection with another cybersecurity incident experienced earlier this year when hackers illegally obtained information from entities within the Japanese Government via Fujitsu’s popular ProjectWEB platform.

A Fujitsu spokesperson commented:

“We are aware that information has been uploaded to dark web auction site ‘Marketo’ that purports to have been obtained from our site. Details of the source of this information, including whether it comes from our systems or environment, are unknown. Because this includes information that appears related to customers, we will refrain from commenting on the details. I assume that you may recall the last event of Project WEB on May, but there is no indication that this includes information leaked from ProjectWEB, and we believe that this matter is unrelated.”

Analysis of the Fujitsu data sale

Cybersecurity specialists, including senior director for security and strategy at Cato Networks Etay Maor, raised questions regarding the changing number of bids made for the data. Maor suggested that since Marketo had control of the website, it could easily alter bidding figures to increase pressure on potential buyers to hike their offers.

However, Digital Shadows cyber intelligence analyst Ivan Righi commented that Marketo is considered a reputable source. The threat analyst observed that while the authenticity of the stolen data cannot be validated, data leakages in the past released by the Marketo group have proved to be authentic. He stated that for this reason, the likelihood is that the exposed data on its leak site was genuine.

As a taster for interested buyers of the stolen data, Marketo exposed an evidence package with 24.5 megabytes of information and three screen captures of spreadsheets it reportedly stole in the recent attack.

Marketo, while not defined as a ransomware gang, operates using a similar model. The group’s modus operandi is to infiltrate a company’s network, steal its data and threaten to disclose the stolen information unless a payment is made. If an enterprise threatened fails to respond to the demand, the stolen content is made available for sale on Marketo’s official data leak site.