After ransomware claims, Xerox says subsidiary hit with cyberattack


Xerox said a subsidiary is dealing with a cyberattack that may have involved the theft of personal information.

Last week a ransomware gang named INC claimed it attacked the company — which earned over $7 billion in 2022 from selling printers in more than 160 countries.

When asked about the claims, a spokesperson for Xerox directed Recorded Future News to a statement that confirmed the company was dealing with a cybersecurity incident.

“Recently, Xerox’s subsidiary, XBS, experienced a security incident which was detected and contained by Xerox cybersecurity personnel. We are actively working with third-party cybersecurity experts to conduct a thorough investigation into this incident and are taking necessary steps to further secure the XBS IT environment,” the company said.

XBS provides small and medium-sized businesses with printers, copiers and software.

“The incident had no impact on Xerox’s corporate systems, operations or data, and no effect on XBS operations. However, our preliminary investigation indicates that limited personal information in the XBS environment may have been affected.”

Xerox said it plans to notify anyone affected by the incident.

According to researchers at SentinelOne, the INC ransomware group emerged in July. Like several other extortion gangs, the group has been seen exploiting CVE-2023-3519 — a vulnerability affecting products from Citrix that has been part of a “large-scale exploitation campaign,” according to the Dutch Institute of Vulnerability Disclosure and cybersecurity firm Fox-IT.

SentinelOne noted that it has seen the group target multiple industries including education, government and healthcare.

The group launched several high-profile attacks in 2023, including incidents involving Japanese manufacturer Yamaha Motor and the healthcare organization WellLife Network.

This is reportedly not Xerox’s first run-in with ransomware gangs. In 2020, the Maze ransomware gang published 25.8 GB of Xerox data.

The company was also mentioned in chats leaked from the now-defunct ransomware gang Conti in 2022, although it is unclear whether the group actually attacked Xerox.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

