
The Swiss telecommunications company Ascom has confirmed a cyberattack targeting its IT infrastructure. On March 16, hackers gained unauthorized access to the company’s technical ticketing system. An internal investigation is currently underway, and law enforcement authorities have also been engaged in response to the incident.
Ascom states that business operations remain unaffected and that no additional measures are required from clients or partners. Responsibility for the breach has been claimed by the hacking collective known as HellCat, notorious for a series of similar intrusions exploiting vulnerabilities in Jira. A group member operating under the alias “Rey” stated that the attackers exfiltrated approximately 44 GB of data, including product source code, project documentation, invoices, and confidential records from the ticketing system.
Jira, a platform widely used for project management and issue tracking in IT teams, often contains highly sensitive data—ranging from authentication keys and source code to customer information and internal communications. HellCat has previously infiltrated the systems of Schneider Electric, Telefónica, and the Orange Group, leveraging compromised Jira servers and stolen employee credentials.
Most recently, HellCat claimed responsibility for an attack on the automotive giant Jaguar Land Rover. During that breach, the hackers stole and leaked around 700 internal documents, including development logs, source code, and personal data belonging to employees. The attack was facilitated by outdated, yet still active, credentials belonging to an LG Electronics employee who had access to JLR’s Jira server.
Following the incidents involving Ascom and JLR, the group announced another breach—this time targeting the Jira server of the U.S.-based marketing firm Affinitiv, which works closely with automakers and dealership networks. According to HellCat, the attackers obtained a database containing over 470,000 unique email addresses and more than 780,000 records. To substantiate their claims, they published screenshots displaying names, email addresses, and physical mailing addresses of clients. Affinitiv has confirmed the initiation of an internal investigation.
This pattern of intrusion aligns with HellCat’s typical modus operandi: exploiting login credentials obtained via information-stealing malware. Despite being part of older data leaks, such credentials often remain valid due to organizations’ failure to enforce regular password rotation.
Security experts have noted that Jira is increasingly becoming a prime target for attackers, owing to its central role in operational workflows and the vast amount of data it stores. Gaining access to Jira can serve as a gateway for lateral movement within corporate networks, privilege escalation, and the theft of critically sensitive information.