Cyber Incident Victim: Synertrade
Date: Jun 2024
Location: France
Summary
Synertrade experienced a cybersecurity incident involving suspected ransomware activity attributed to the Cactus group, prompting temporary isolation of its information systems and service disruptions. The organization identified unauthorized data exfiltration affecting a limited number of clients, though the stolen information was deemed non-sensitive under GDPR. Detection relied on aggressive scanning that uncovered heavily obfuscated malware, and the resulting technical indicators were shared with InterCERT and the authorities. While no compromise of client or personal data was initially confirmed, remediation measures were implemented alongside progressive service restoration. Affected clients and the competent authorities were notified as the investigation continued.
Description
Synertrade, a subsidiary of Econocom specializing in source-to-pay solutions, detected a potential security incident on June 27, 2024, triggering an immediate response. The company isolated its information system by severing all external IT flows to contain the threat, aligning with its incident response plan. An internal Security Operations Center (SOC) launched a detailed investigation while Synertrade notified affected clients and internal teams of service disruptions. By July 1, services began gradual restoration to mitigate operational risks for clients, including major accounts like AGCO, BASF, and the Port Authority of Hamburg. Investigators identified "suspicious software" with technical indicators shared with InterCERT and competent authorities, though the malware's delivery method and precise nature remained undisclosed. Econocom emphasized Synertrade's network segregation prevented lateral movement to parent company systems, limiting the incident's scope.

On July 11, 2024, Econocom confirmed data exfiltration occurring prior to June 27, consistent with ransomware double-extortion tactics but without public claims by attackers. The compromised data involved non-sensitive information under GDPR regulations, affecting a limited client subset who received immediate notification. Competent authorities were alerted as remediation and security hardening measures continued. Investigators attributed the attack to the Cactus ransomware group based on modus operandi, though attribution remained unconfirmed. The malware's heavy obfuscation required aggressive scanning for detection, suggesting sophisticated evasion techniques. Service interruptions during containment temporarily impacted supply chain management solutions for clients across France and Germany, though Econocom maintained no customer data or personal information was compromised beyond the exfiltrated non-sensitive files.
