IT services giant SHI hit by “professional malware attack”


SHI International, a New Jersey-based provider of Information Technology (IT) products and services, has confirmed that a malware attack hit its network over the weekend.

SHI claims to be one of North America’s largest IT solutions providers, with $12.3 billion in revenue in 2021 and 5,000 employees around the world in operations centers in the U.S., the United Kingdom, and the Netherlands.

It also says it provides services to over 15,000 corporate, enterprise, public sector, and academic customer organizations worldwide.

“Over the Fourth of July holiday weekend, SHI was the target of a coordinated and professional malware attack,” SHI said in a statement.

“Thanks to the quick reactions of the security and IT teams at SHI, the incident was swiftly identified and measures were enacted to minimize the impact on SHI’s systems and operations.”

After the attack, SHI added a message to its website warning customers and visitors that its information systems were undergoing maintenance due to a “sustained outage.”

This message was later replaced with the malware attack statement published on the company’s blog.

SHI maintenance message
SHI maintenance message (BleepingComputer)

Since the attack, some website pages are also returning Amazon CloudFront/S3 SHI errors, which persisted until this article was published.

While evaluating its systems’ integrity and investigating the security incident, SHI was forced to take some of its systems offline, including the company’s public websites and email.

Starting Wednesday morning, SHI’s staff brought all email servers shut down after the attack back online. Its IT experts are also working on restoring access to other affected systems on the network.

“While the investigation into the incident is ongoing – and SHI is liaising with federal bodies including the FBI and CISA – there is no evidence to suggest that customer data was exfiltrated during the attack,” the company added.

SHI also said that it will keep customers up to date throughout the process and that no third-party systems in its supply chain were affected during the malware attack.

When BleepingComputer reached out earlier today with a request for more details, an SHI spokesperson replied with a link to the statement published on the company’s official blog.