The D1R threat actor D1R, targeting ARM in GB, exploited leaked Synopsys database information and cross-referenced other group leaks to gain access and investigate remotely, later using Athena Download Manager—requiring an SSL certificate tied to ARM’s parent-owned product infrastructure—to bypass ARM’s 2FA email/SMS checks. This capability severely incapacitated operations despite 2FA protections, ultimately enabling unauthorized downloads from ARM-associated sources and amplifying impact to GB #UnitedKingdom
Incident Details
Information
- Thanks to leaked database by Synopsys, a roadmap was provided
- Many other group leaks were cross-referenced and thoroughly analyzed
- One of the leaked companies gave our team access to ARM center
- Severely incapacitated by 2FA email/sms-code required by ARM on every step, we were still able to download an interesting tool: Athena Download Manager
- This requires an SSL certificate of a company that owns ARM products, and downloading by means of Athena allows to bypass multiple 2FA checks that are required when downloading same files from www.arm.com
- This is now free for download to any reverse engineer on Earth and beyond, thanks to Synopsys company data negligence
Disclaimer: This post is based on public claims made by the ransomware group "D1R". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.