Cyber Incident Victim: Threadstone Advisors LLP
Date: Jun 2020
Location: United States of America
Summary
A corporate advisory firm specializing in mergers and acquisitions was compromised by the Maze ransomware gang, which exfiltrated sensitive data before encrypting systems and threatened to leak the information unless a ransom was paid. The breach exposed confidential details of high-profile clients, potentially causing severe reputational and operational repercussions. Maze operators, known for targeting entities like military contractors, financial institutions, and IT service providers, publicly posted samples of the stolen files on their dark web leak site as part of their extortion tactics. This incident underscored the significant risks posed by ransomware groups to organizations handling critical client data.
Description
On or around June 14, 2020, the Maze ransomware group compromised corporate advisory firm Threadstone Advisors LLP, which specialized in mergers and acquisitions. The attackers exfiltrated sensitive company data prior to encrypting the firm's systems, following their established double-extortion tactic. Maze operators publicly claimed responsibility by posting samples of allegedly stolen Threadstone files on their dark web leak site, threatening full data disclosure unless ransom demands were met. The published client list included high-profile entities such as fashion designer Victoria Beckham, real estate executive Charles S. Cohen, Pittsburgh Brewing Co., luxury footwear brand Harrys of London, and brand management company Xcel Brands. At the time of reporting, no confirmation existed regarding whether Threadstone fulfilled the ransom demand. The incident exposed vulnerabilities in the firm's cybersecurity defenses, enabling unauthorized access to confidential client information typically involved in sensitive financial transactions.

The breach carried significant reputational and operational risks because Threadstone's business involves handling proprietary merger details and corporate strategies. Maze's activity surge during this period included prior attacks against US military contractor Westech, Singapore-based ST Engineering, and the Bank of Costa Rica, whose stolen credit card data they partially leaked. The group maintained pressure on Threadstone by promising weekly data releases, mirroring tactics used against previous victims like IT service providers Cognizant and Conduent. Exposure of client-sensitive materials could have disrupted active negotiations and damaged stakeholder trust in Threadstone's ability to safeguard business-critical information. The incident underscored ransomware groups' strategic targeting of advisory firms holding valuable transactional data for maximum extortion leverage.
