Crook claims to leak 'video surveillance footage' of companies

Mexican IT services firm admits it was hacked, but says client operations weren't affected
A Mexican IT infrastructure and digital transformation biz is on clean-up duty after a criminal posted screenshots of what they claimed was company video surveillance footage to a cybercrime forum.

Monterrey-based Be Prime confirmed that it was the victim of a "cybersecurity incident" on Thursday, after the criminal, who used the alias "dylanmarly," made sweeping claims about an attack they claim to have carried out.

Screenshots published by the attacker depicted access to Be Prime's Cisco Meraki Vision panel, which, if true, would have allowed access to live feeds around its clients' offices, including cameras overlooking different teams' workspaces.

Dylanmarly also leaked what they claimed was 12.6 GB worth of data belonging to the company and some of its high-profile clients, which range from energy giants and household retail names to national pharmacies.

In its statement, Be Prime did not address the claims about client data being leaked online, nor did it speak about whether or not it uses Cisco Meraki Vision , which the attacker claims to have accessed.

It did, however, admit that it had suffered a cyberattack, which it said it was working with Cisco Talos to remediate.

"In times like these, we believe it's right to speak clearly, humbly, and with complete transparency," the statement posted to LinkedIn reads (machine translated from Spanish).

"No organization is immune to cybersecurity incidents, and today it has happened to us.

Therefore, we want to communicate the facts, the actions taken, and our position on this situation directly and responsibly.

"Be Prime was the target of a cyberattack, so we immediately activated our containment, mitigation, investigation, and remediation protocols.

Based on the information analyzed so far, there is no evidence of any impact on Be Prime's operational continuity or on our clients' operations.

"From the outset of the incident, we implemented a comprehensive response process.

To date, the most critical phases of containment and remediation have been executed and completed, and we are continuing with additional strengthening and follow-up actions in communication with the Talos Cybersecurity Intelligence Center."
The attacker also claimed they accessed the Meraki API keys and used them to gain control of thousands of Be Prime network devices, including the security camera feeds of its clients.

Be Prime has not explicitly addressed the attacker's specific claims regarding the API keys or the thousands of accessed devices in its public communications, but has warned that defamation lawsuits would be brought against any person or media outlet it believes has disseminated inaccurate or out-of-context information.

The Register asked Be Prime to clarify every aspect of the attacker's claims, identifying which were true and which were false.

The company did not respond.

"We will continue to maintain direct communication with our clients to provide them with reassurance, support, and assistance," Be Prime stated.

"We have established and communicated a specific point of contact to address any questions, clarifications, or requests related to this incident."
"We also want to express our sincere gratitude to our clients, partners, collaborators, specialists, and everyone who has given us their support, trust, and backing during this time," it added.

"We know that a situation of this nature can happen to any organization, and today it has fallen to us to face it.

We accept it with responsibility, seriousness, and total commitment.

We reiterate that our priority is to protect operations, further strengthen our security capabilities, and respond with action, not just words.

We will continue to provide updates through the appropriate channels as the investigations and additional actions underway progress." ®