Altice stung by ransomware group Hive


Reports suggest that Altice International was the subject of a cyberattack earlier this month, but the scale of the attack has yet to be announced.

Today, a report from RedPacket Security suggests that France’s second largest operator, Altice, has been hit by a ransomware attack from the cybercriminal gang Hive.

RedPacket Security is an InfoSec news site that scrapes information relating to cyberattacks from the dark web. The site reports that the attack took place on August 9 this year, though it was only disclosed by the hacker group yesterday.

The scale of the attack is unclear, but files are reportedly available for download via the Tor browser.

The attack has not been publicly disclosed by Altice.

Having been first detected in the summer of 2021, the Hive ransomware group has quickly become one of the most prolific ransomware gangs in the world, instigating over 350 attacks on various targets, primarily in the healthcare and financial services sectors.

To make matters worse, earlier this year, Hive was reported as having overhauled its software, migrating the code to the Rust programming language and therefore enabling even more complex encryption.

Most recently, the group successfully attacked two sixth-form colleges in Bedfordshire, UK, demanding £500,000 for the release of the stolen data.

Like so many ransomware gangs in 2022, Hive typically operates via a strategy known as ‘double extortion’.

In the past, ransomware typically worked by hacker groups gaining access to sensitive files, encrypting them, and threatening the owner with deletion of the files if they did not pay a ransom for the encryption key. However, companies quickly grew wise to this threat, creating and storing various copies of their data elsewhere to negate the risk of encryption and deletion.

In turn, this has led ransomware groups to evolve, with many now not only encrypting the compromised files but exporting them and threatening to leak or sell the sensitive data if their demands are not met. This is what is known as ‘double extortion’.

With their vast stores of customer data, telcos themselves are becoming increasingly appetising targets for ransomware gangs, with reports of attacks increasing dramatically since the start of the pandemic, which forced millions of people to work from home and therefore potentially created new vulnerabilities.

The most notable of these attacks took place against T-Mobile around a year ago, compromising data for millions of existing, past, and even prospective T-Mobile customers.

According to a recent report from Acronis, ransomware has rapidly become the number one threat to medium and large-sized organisations in 2022.
