Great Morpheus Hackers Claim Massive Breach of Arrotex Pharma & PUS GmbH

Researchers have identified a new extortion group, Morpheus, active since at least December 12, 2024, that claims to have compromised two organizations: Arrotex Pharmaceuticals (Australia) on December 12 and PUS GmbH (Germany) on December 20, likely through data theft. 

The group offers stolen data for sale on a dedicated leak site (DLS). While a researcher alleges ransomware deployment similar to Hellcat, neither ransomware use nor a direct link between Morpheus and Hellcat has been confirmed.

Morpheus DLS landing page showing PUS GmbH victim post

The groups leverage dedicated leak site (DLS) postings to pressure victims into paying ransoms, which involve public disclosure of the victim’s name and attack details on the group’s website.

When this fails, the groups escalate by releasing evidence of data exfiltration, such as screenshots of internal file systems and samples of sensitive data, to further compel payment.

Morpheus Protected Area, visible only after login.

The Morpheus DLS landing page publicly displays information about organizations the group claims to have compromised, including victim descriptions, stolen data samples, and contact instructions for data purchase, all accessible to anyone without a login.

Visitors can create accounts with usernames and passwords through the DLS platform, which provides basic user authentication features.

Account creation requires completing a CAPTCHA challenge, and the platform also offers a night mode toggle.

An account provides initial access to a “Feed” page and allows users to request access to “Protected” content and to engage with administrators via a “Chat” page. “Protected” likely refers to restricted data samples, while “Chat” facilitates communication for potential data purchase negotiations.

Morpheus Chat, visible only after login.

The ransomware group Morpheus claims to have exfiltrated 2.5TB of sensitive data from Arrotex Pharmaceuticals, an Australian pharmaceutical company with $92 million in revenue. 

The data breach includes confidential documents, recruitment records, partner information, financial data, and business plans, potentially impacting Arrotex’s operations and competitive advantage.

The group compromised a DBG storage server on August 25, 2024, exfiltrating sensitive data, including PII, internal file structures, and compliance documentation belonging to Arrotex Pharmaceuticals, a DBG business unit.

Morpheus claims attack against Arrotex Pharmaceuticals

According to Cyjax, the ransomware group Morpheus claimed to have exfiltrated sensitive data from PUS GmbH, a German electronics manufacturer, on December 20, 2024. 

The stolen data reportedly included personally identifiable information (PII), financial records, and critical server configuration data, while PUS GmbH has not publicly acknowledged this cyber incident.

Some people have linked Morpheus to the Hellcat ransomware, but this claim has not been confirmed, as Morpheus is an emerging threat actor that specializes in data extortion instead.

The group operates a dedicated data leak site where it publishes stolen data from targeted organizations, demonstrating its focus on data exfiltration and extortion activities.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
