On March 16, 2025, the Hellcat ransomware group breached Ascom’s internal technical ticketing system by exploiting vulnerabilities in its Atlassian Jira server. |
Ascom’s Technical Ticketing System Breached
Crew of hackers announce extraction of 44GB of data.
What is the attack?
The attackers exfiltrated approximately 44GB of data, impacting multiple divisions across the company. Ascom confirmed that other IT systems and customer platforms remain unaffected, and operations continue while an investigation is underway in collaboration with relevant authorities.
Why did it get through?
Exploiting known vulnerabilities in Atlassian Jira — likely unpatched or misconfigured instances.
Using compromised credentials — obtained through phishing attacks, dark web marketplaces, or prior third-party data breaches.
The Hellcat group is known for targeting internal collaboration tools like Jira and Confluence using exactly these techniques.
What is required to solve for this attack?
Enforce Multi-Factor Authentication (MFA): MFA helps prevent unauthorized access, even if attacker-controlled credentials are used against systems like Jira.
Patch Critical Vulnerabilities Promptly: Ransomware groups actively scan for unpatched software like Atlassian products. Routine vulnerability assessments and fast patching are essential.
Educate Employees on Phishing and Credential Theft: Regular phishing simulations and awareness programs reduce the likelihood of employees unknowingly handing over credentials.