Babuk Ransomware Behind the SEXi Campaign

August 9, 2024

By Carlos Ramirez, Ocelot Threat Intelligence Team

Context

The purpose of this report is to provide information about the recent attacks carried out by the APT Inc. group, which has run several campaigns distributing the Babuk ransomware. The analysis follows the Diamond Model, a methodology for analyzing and understanding cyber threats from different perspectives. The model organizes the key aspects of malicious activity in the shape of a diamond, which is visually easy to grasp and symbolizes the relationships between those aspects. It rests on four main components: adversaries, infrastructure, capabilities, and victims.

Adversaries: This component identifies and analyzes the malicious actors who could pose a threat to a system or organization.

Infrastructure: This component examines the infrastructure the adversaries use to carry out their attacks.

Capabilities: This component evaluates the skills and technical knowledge of the adversaries.

Victims: This final component identifies the potential victims of the cyberattacks.

Applying the Diamond Model yields a more comprehensive and detailed understanding of cyber threats, which helps organizations take proactive measures to protect themselves and mitigate the associated risks.

APT Inc. is an adversary that primarily targets VMware ESXi servers in various regions, including Latin America (LATAM); its most recent confirmed attack hit a Chilean data center hosting company. This was confirmed by PowerHost’s CEO, Ricardo Rubem, who issued a statement that a ransomware variant had locked the company’s servers. The adversary does not appear to target specific organizations; since its emergence, organizations worldwide have been affected by this group.

The actors behind APT Inc. gain initial access to an organization using well-known techniques such as phishing, malicious downloads, or the exploitation of known vulnerabilities in internet-facing assets. In their latest attack, however, the initial vector into the internal network remains unknown.

Figure 1: Diamond Model

Analysis using the Diamond Model

Adversary

APT Inc
Attribute: Active
Origin: Unknown
Activity Since: 2023
Last Activity: 2024
Type of Adversary: Ransomware
Motivation: Financial gain
Associated Groups: Babuk (Ransomware as a Service)

Victims

Figure 2: Global Victims

Affected Countries or Regions: Argentina, Chile, Mexico, Peru, the United States, Canada, France, Germany, Italy, Spain, Thailand, and Finland.
Global Organizations Affected: IxMetro Powershot
Mexican Organizations Affected: Retail, Education.

Capabilities

  • Written in the Go programming language.
  • Encrypts users’ files.
  • Implements 128-bit to 256-bit keys.
  • Encryption based on an LFSR and an FSM.
  • Output function similar to SERPENT.
  • Generates 128 bits of output per cycle.
  • Uses the symmetric Sosemanuk stream cipher.
  • The algorithm can quickly encrypt large amounts of data.
  • Uses the asymmetric algorithm Curve25519 to protect the encryption key.
  • Affects Windows and Linux operating systems.
  • The security of the 128-bit key version of the algorithm has not been compromised so far.

Tactics, Techniques, and Procedures (TTPs)

Defense Evasion
  • Deobfuscate/Decode Files or Information
  • Impair Defenses: Disable or Modify Tools
  • Obfuscated Files or Information: Software Packing
Credential Access
  • Modify Authentication Process
Discovery
  • File and Directory Discovery
  • Network Share Discovery
  • Process Discovery
  • System Information Discovery
  • System Network Connections Discovery
  • System Service Discovery
Command and Control
  • Non-Application Layer Protocol
  • Exfiltration Over Alternative Protocol
Impact
  • Data Encrypted for Impact
  • Inhibit System Recovery
  • Service Stop
Figure 3: Tactics, Techniques, and Procedures (TTPs)

About the SEXi Campaign

As is well known, one of the primary targets of the SEXi campaign is VMware ESXi servers. The campaign was first observed in March 2023, and its name is a play on “ESXi,” the hypervisor sold by VMware.

Figure 4: SEXi Ransomware Encryption Extension

Regarding the operation’s infrastructure, no notable characteristics have been recorded so far. The ransom notes simply instruct victims to download the “SESSION” messaging application and contact the address provided.

Figure 5: Ransom Note

The most recent observed attack was against the Chilean data center hosting company IX PowerHost in April 2024 and may be part of a broader ransomware campaign. Researcher Will Thomas identified a binary he believes to be related to this attack, named “LIMPOPOx32.bin” (MD5: 0a16620d09470573eeca244aa852bf70) and labeled as a Linux version of the Babuk ransomware. The campaign has also affected at least three Latin American countries, each with its own ransom-note code:

  1. SOCOTRA: used in an attack in Chile on March 23.
  2. LIMPOPO: used in an attack in Peru on February 9.
  3. FORMOSA: used in an attack in Mexico on February 26.

“Go to https://getsession.org/ download install then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 to your contacts and send a message with this codename — SOCOTRA”

Ransom Note, SOCOTRA Code (6f7bd3365859ff0cffccfd36bbafe4db)

“Hi. We have your data. If you don’t cooperate it will be made public. Go to https://getsession.org/; download & install; then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912; mention this code LIMPOPO in your message; get in touch with us;”

Ransom Note, LIMPOPO Code (8a525e77e07403eeb91238fa999195f3)

“Hi. We have your data. If you don’t cooperate it will be made public. DO NOT touch your VM files, don’t move anything to make sure recovery is easy. Go to https://getsession.org/ download install then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 mention this code FORMOSA in your message get in touch with us”

Ransom Note, FORMOSA Code (e253ce3cd4d1b20b7b54ff7807f2b45d)

The Ocelot team identified that the Babuk ransomware family is behind the SEXi variant.

Babuk has been operating since early 2021, affecting both Windows and Linux operating systems and specifically targeting files related to VMware ESXi. A notable feature is its use of a lesser-known symmetric stream cipher, Sosemanuk (see Appendix A). In the same year, the author of Babuk released the source code on a hacking forum.

We analyzed a GitHub repository containing the Babuk source code. The repository has three folders with different ransomware variants and a Readme.md file. The characteristics of the three variants are described below; the first two target Linux:

  1. ESXi: This variant targets ESXi services and includes a blacklist of critical files it intends to encrypt. It recursively scans the entire disk and encrypts those files with the symmetric stream cipher Sosemanuk. The symmetric key is then encrypted with the asymmetric algorithm Curve25519.
  2. NAS: Targeting Linux and written in Go, this variant encrypts files with the symmetric algorithm ChaCha20 and protects the encryption key with the asymmetric algorithm Curve25519. It recursively scans the host starting from the root and applies a whitelist of paths that must not be encrypted. The primary difference between this variant and the others is the cipher used. The Linux ransom note is shown below.
  3. Windows: Targeting Windows and written in Go, this variant encrypts files with the symmetric algorithm ChaCha20 and protects the encryption key with the asymmetric algorithm Curve25519.

To validate whether the SEXi variant is indeed Babuk, we compared the sample 0a16620d09470573eeca244aa852bf70 with the source code and confirmed that it implements the Sosemanuk-based encryption algorithm.

Figure 6: Encryption Algorithm from Babuk Source Code in GitHub Repository

Figure 7: SEXi variant (at 0x08048F59): 0a16620d09470573eeca244aa852bf70

Note the highlighted box in Figure 7: compared with the source code, only the extension used by the variant in each campaign is modified (LIMPOPO, SEXi, etc.). In recent campaigns, the group has been observed assigning a unique code to each victim for differentiation.

Recently, the group responsible for the SEXi ransomware identified itself as APT INC and has breached numerous organizations. APT INC began its latest series of campaigns under this name in February 2024, using the Babuk encryptor to compromise Linux VMware ESXi servers and the leaked LockBit 3 encryptor to attack Windows systems. Despite the name change, the group continues to use its original encryption methods and remains destructive to its victims. In its latest attack on IxMetro Powershot, it demanded two bitcoins for each encrypted server.

APT INC has remained active. In its campaigns, the ransom notes continue to reference the “SESSION” application, with the same contact identifier but under the name APT INC.

Below are the ransom codes from recent campaigns:

Date First Seen | Ransom Note Code | MD5
2024-04-19 16:47:02 (CST) | BULANYK | 40c6a5837deb4c78d8c578c6c2796fc5
2024-04-23 14:40:30 (CST) | AKMUN | 1fe4043de6791fa07af353b76d908622
2024-06-07 07:39:10 (CST) | MONJUKLY | a7b97d35c43c573e6df516c6fd61c5ae
2024-06-07 09:03:33 (CST) | SAKGAR | 0683499fe27d394ce3d01679b8584766
2024-06-07 10:50:28 (CST) | AKTAKYR | 14f4b87e3e8acf857d6e3c8d95b103c8
2024-06-07 11:55:55 (CST) | SAZANDA | 03edbf590f62c0b6ecae581d106d5e4d
2024-06-07 19:11:15 (CST) | BENTLIOBA | 9e9b734d0546905c4bd24a88dd8c6e25
2024-06-12 11:28:59 (CST) | TUTLYK | 46ff6f7c106dbf783f41513339a159b6
2024-06-19 08:19:43 (CST) | GYZYLTAKYR | 79e56d6015cce63ccc88eaf8ba7e85b8
2024-06-20 18:44:41 (CST) | MERGENLI | 018a12dc8fd39410d4bdbe9ab72f5c9f
2024-06-22 08:29:20 (CST) | GAZANARYK | 654ac986ee1c5a14383525d8e75ec23d
2024-06-25 19:43:54 (CST) | GARAKLY | abe85b4cd132fcd005b5d1327db7cc92
2024-06-28 10:40:20 (CST) | OZGALA | 53e528c97b91bb76823c91043bba6c87
2024-07-01 08:34:53 (CST) | DERWEZE | 36ec021bac8e33f0bc12815919c9f8fc
2024-07-02 04:01:29 (CST) | GYJAKLY | 6f2ed93b3a7767a5b76543ea6d1506c8
2024-07-03 07:02:38 (CST) | GYZAN | cb3b3e24b7ddd7deca6b8b36838ae577
Figure 8: APT Inc. Ransom Note Codes
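As an added example (not code from the Ocelot report), the following Python triage helper parses the ransom-note pattern described above, pulling out the Session contact identifier and the per-victim codename, and cross-checks the codename against the three campaign codes and a subset of the Figure 8 table. The embedded note texts are the ones quoted in the report (punctuation normalized); the regular expressions and function names are this example's own assumptions.

```python
"""Ransom-note triage for the SEXi / APT Inc. campaign (added example, not the report's code)."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Session messenger IDs are 66 hex characters that begin with the "05" prefix.
SESSION_ID_RE = re.compile(r"05[0-9a-f]{64}")
# Matches "with this codename - SOCOTRA" as well as "mention this code LIMPOPO ...".
CODENAME_RE = re.compile(r"this code(?:name)?\W*([A-Z][A-Z0-9]{2,})")

# Codename -> MD5 of the ransom note, from the report's captions and a subset of Figure 8.
KNOWN_CODES = {
    "SOCOTRA": "6f7bd3365859ff0cffccfd36bbafe4db",
    "LIMPOPO": "8a525e77e07403eeb91238fa999195f3",
    "FORMOSA": "e253ce3cd4d1b20b7b54ff7807f2b45d",
    "BULANYK": "40c6a5837deb4c78d8c578c6c2796fc5",
    "GYZAN": "cb3b3e24b7ddd7deca6b8b36838ae577",
}

@dataclass
class NoteTriage:
    session_id: Optional[str]   # attacker contact ID found in the note
    codename: Optional[str]     # per-victim campaign code found in the note
    known_code: bool            # True when the code appears in KNOWN_CODES
    note_md5: Optional[str]     # MD5 the report lists for that code, if any

def triage_note(text: str) -> NoteTriage:
    """Extract the contact ID and codename from one ransom note and look the code up."""
    sid = SESSION_ID_RE.search(text)
    code = CODENAME_RE.search(text)
    codename = code.group(1) if code else None
    return NoteTriage(
        session_id=sid.group(0) if sid else None,
        codename=codename,
        known_code=codename in KNOWN_CODES,
        note_md5=KNOWN_CODES.get(codename) if codename else None,
    )

def shared_contact_ids(notes: Iterable[str]) -> set:
    """Contact IDs present in every note; one shared ID ties the victims to one operator."""
    id_sets = [set(SESSION_ID_RE.findall(n)) for n in notes]
    return set.intersection(*id_sets) if id_sets else set()

def codename_for_md5(md5: str) -> Optional[str]:
    """Reverse lookup: MD5 of a recovered note file -> campaign codename."""
    for code, digest in KNOWN_CODES.items():
        if digest == md5.lower():
            return code
    return None

# Note texts quoted from the report (SOCOTRA, LIMPOPO, FORMOSA), punctuation normalized.
SAMPLE_NOTES = [
    "Go to https://getsession.org/ download install then add "
    "05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 "
    "to your contacts and send a message with this codename - SOCOTRA",
    "Hi. We have your data. If you don't cooperate it will be made public. "
    "Go to https://getsession.org/; download & install; then add"
    "05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912; "
    "mention this code LIMPOPO in your message; get in touch with us;",
    "Hi. We have your data. If you don't cooperate it will be made public. "
    "DO NOT touch your VM files, don't move anything to make sure recovery is easy. "
    "Go to https://getsession.org/ download install then add "
    "05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 "
    "mention this code FORMOSA in your message get in touch with us",
]

if __name__ == "__main__":
    print([triage_note(n) for n in SAMPLE_NOTES], shared_contact_ids(SAMPLE_NOTES))
```

On the three quoted notes the helper recovers one shared contact identifier and three distinct, known codenames, which is the per-victim differentiation the report describes.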

Conclusions

The information gathered about the APT INC group confirms that it has been using Babuk ransomware variants under different identifiers such as “Formosa,” “Limpopo,” “Socotra,” and “SEXi.” These identifiers are used to manage and administer its campaigns. The random names assigned to the binaries are not related to the victim companies, a tactic that confuses analysts and complicates incident response.
This type of ransomware is already available for replication by our Batuta ZeroAPT Technology.

Infrastructure

IOCs


Recommendations

  1. Perform Regular Backups:
    • It is essential to back up all important data and store it in secure, disconnected locations.
    • Periodically verify that backups work correctly and that data can be restored if needed.
  2. Keep Software Updated:
    • Ensure that all operating systems, software, and applications are updated with the latest security patches.
    • Use up-to-date antivirus and antimalware software to detect and remove threats.
  3. Implement Network Security Measures:
    • Use firewalls and intrusion detection systems (IDS) to monitor and protect the network.
    • Segment the network to limit access and prevent the spread of malware in case of an infection.
  4. Educate Users:
    • Train employees and users about phishing risks and how to recognize suspicious emails, links, and attachments.
    • Promote a cautious approach when downloading files or clicking on unverified links.
  5. Monitor and Detect:
    • Implement monitoring and analysis tools to detect anomalous behavior on the network.
    • Respond quickly to any signs of suspicious activity.
  6. Create an Incident Response Plan:
    • Develop and maintain an incident response plan that includes specific procedures for dealing with a ransomware attack.
    • Conduct simulations and response exercises to ensure everyone knows how to act in the event of an attack.

Appendix A

Sosemanuk is a symmetric stream cipher proposed for the eSTREAM project, a stream cipher initiative of the European Network of Excellence in Cryptology II (ECRYPT II). It is based on two ciphers, SNOW 2.0 and SERPENT, and the adaptation yields the following characteristics:

  • 128-bit to 256-bit keys
  • 128-bit initialization value (IV)
  • Encryption process:
    • Like SNOW 2.0, it feeds 32-bit words through a linear feedback shift register (LFSR), which produces 32-bit outputs.
    • Like SNOW 2.0, it passes the same 32-bit words that entered the LFSR through a finite state machine (FSM), which also produces 32-bit outputs.
    • Every 4 FSM cycles, the 4 FSM outputs are processed by an output function similar to the one used in SERPENT, generating 4 blocks of 32 bits.
    • These 4 blocks are XORed with the 4 blocks generated by the LFSR.
    • Each such cycle generates 128 bits of output.
  • The algorithm can quickly encrypt large amounts of data.

Several theoretical attacks against the algorithm have been published, but none has broken the security of the 128-bit key version.
