The threat actor states in their website that they abide by a set of rules; not to attack hospitals, oil and gas, critical infrastructure, defence, NGO’s and governments. A measure to avoid the ever-increasing vigilance of law enforcement over critical infrastructure. These rules are likely to be in response to President Biden’s announcement in June where he spoke of 16 sectors that should be “off limits” to cyberattacks.
However, it appears these rules are being loosely followed – if at all – as a recent attack by BM has left an Iowa-based farming services provider incapacitated and ransomed for $5.9M. New Cooperative provides farming technology and software platforms to mainly grain farmers, a service that is considered critical to the US food supply chain. It could be argued that BM are technically following their own rules, as they have only identified power plants and water treatment facilities as critical infrastructure under their definition. Nonetheless, a definition highly criticised.
(Source: Twitter) – Screenshot of New Cooperative and BM’s conversation