Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial

A ransomware group behind some of the biggest cyberattacks of 2023 has taken credit for an incident involving a multibillion-dollar real estate industry player.

Fidelity National Financial – a Fortune 500 provider of title insurance for property sales – acknowledged an attack in regulatory documents submitted on November 21 to the United States Securities and Exchange Commission.

On November 22, the AlphV/Black Cat ransomware gang took the credit for the intrusion, issuing a lengthy statement against the company for hiring incident responders. The group claimed the response team was from Google’s Mandiant unit.

In 8-K filings first reported per TechCrunch, Fidelity National Financial did not provide details on its response.

“Fidelity National Financial recently became aware of a cybersecurity incident that impacted certain FNF systems,” the company said. “FNF promptly initiated an investigation, retained leading experts to assist the company, informed law enforcement authorities, and implemented certain measures to assess and contain the incident.”

Fidelity National Financial said that the investigation so far has found that the hackers accessed some of the company’s systems and “acquired certain credentials.” The company did not respond to requests for comment on what this means.

In the filing, company officials said they were still trying to understand whether the incident would have a significant impact on operations, but problems did arise during the initial response.

“Among other containment measures, we blocked access to some of our systems, which caused disruptions to our business. For example, the services we provide related to title insurance, escrow and other title-related services, mortgage transaction services and technology to the real estate and mortgage industries have been affected by these measures,” the company said.

Several real estate media outlets said the attack had significant downstream effects on the industry. Real Estate News called Fidelity National Financial “the nation’s largest title insurance company” and said it had stopped many scheduled home sales closings following the attack.

Real estate agents, home buyers, and many others have been left in the lurch, trying to find ways to complete their sales. But system outages mean many transactions won’t be finalized until this week. TechCrunch I spoke to several real estate agents Monday, exasperated by cuts that are causing delays in closings.

Fidelity National Financial owns dozens of regional title companies such as the New York national title, the Chicago title, the Alamo title and the Commonwealth land title. TechCrunch

Kevin Beaumont, cybersecurity expert note that, like several major companies who have suffered from hacks In recent weeks, Fidelity National Financial had tools exposed to the Internet that were vulnerable to a bug known as CitrixBleed.

The main cybersecurity agencies in the United States issued an urgent warning on the issue on November 21, warning that nation-state hackers and cybercriminals were exploring ways to exploit the vulnerability.

Just three weeks ago, pirates targeted Texas-based mortgage giant Mr. Cooperthe largest non-bank mortgage servicer in the United States. The attack prompted the company to lock down its systems, forcing people to repay their loans by phone, mail or Western Union.

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.