After ransomware claims, Xerox says subsidiary hit with cyberattack

Xerox said a subsidiary is dealing with a cyberattack that may have involved the theft of personal information.

Last week a ransomware gang named INC claimed it attacked the company — which earned over $7 billion in 2022 from selling printers in more than 160 countries.

When asked about the claims, a spokesperson for Xerox directed Recorded Future News to a statement that confirmed the company was dealing with a cybersecurity incident.

“Recently, Xerox’s subsidiary, XBS, experienced a security incident which was detected and contained by Xerox cybersecurity personnel. We are actively working with third-party cybersecurity experts to conduct a thorough investigation into this incident and are taking necessary steps to further secure the XBS IT environment,” the company said.

XBS provides small and medium-sized businesses with printers, copiers and software.

“The incident had no impact on Xerox’s corporate systems, operations or data, and no effect on XBS operations.  However, our preliminary investigation indicates that limited personal information in the XBS environment may have been affected.”

Xerox said it plans to notify anyone affected by the incident.

According to researchers at SentinelOne, the INC ransomware group emerged in July. Like several other extortion gangs, the group has been seen exploiting CVE-2023-3519 — a vulnerability affecting products from Citrix that has been part of a “large-scale exploitation campaign,” according to the Dutch Institute of Vulnerability Disclosure and cybersecurity firm Fox-IT.

SentinelOne noted that it has seen the group target multiple industries including education, government and healthcare.

The group launched several high profile attacks in 2023, including incidents involving Japanese manufacturer Yamaha Motor and the healthcare organization WellLife Network.

This is reportedly not Xerox’s first run-in with ransomware gangs. In 2020, the Maze ransomware gang published 25.8 GB of Xerox data.

The company was also mentioned in chats leaked from the now-defunct ransomware gang Conti in 2022, although it is unclear whether the group actually attacked Xerox.