HellCat hackers target Ascom in global Jira hacking campaign

Swiss global solutions provider Ascom has confirmed a cyberattack on its technical ticketing system that occurred on Sunday, March 16, 2025. 

The attack is part of a broader hacking spree by a group known as HellCat, which has been systematically targeting Jira servers worldwide using compromised credentials.

Ascom is a telecommunications company with subsidiaries in 18 countries specializing in wireless on-site communications. They claim that while their technical ticketing system was compromised, the incident had no impact on the company's business operations. Ascom has assured that no other IT systems or customer systems were affected, and operations continue as usual. The company has emphasized that customers and partners do not need to take any preventive action at this time.

A member of the HellCat hacking group, identified as Rey, claimed to BleepingComputer that they stole approximately 44GB of data that may impact all of the company's divisions. According to the hackers, the stolen information includes:

• Source code for multiple products
• Details about various projects
• Invoices
• Confidential documents
• Issues from the ticketing system

Ascom has initiated investigations and is working closely with relevant authorities. The company has also closed the compromised ticketing system and is maintaining close contact with customers and partners through regional leadership to keep them informed of developments.

Alon Gal, co-founder and CTO at threat intelligence company Hudson Rock, identified HellCat's signature technique as "exploiting Jira credentials harvested from compromised employees that were infected by Infostealers." The JLR breach specifically involved using credentials of an LG Electronics employee with third-party access to JLR's Jira server.

The number of individuals affected by the Ascom breach and the financial impact of the incident are not disclosed in the available information.