hiveleak attacks Altice International

Incident Date:

August 25, 2022

World map

Overview

Title

hiveleak attacks Altice International

Victim

Altice International

Attacker

Hiveleak

Location

Angers, France

Pont-de-l'Isère, France

First Reported

August 25, 2022

Altice International Hit by Hive Ransomware Group

Altice International, a telecommunications company headquartered in the Netherlands, has reportedly been hit by the Hive ransomware group. Altice serves millions of customers in Western Europe, Israel, and the Caribbean.

Company Overview

Altice International is the second largest telecommunications company in France, behind Orange. The company was founded by Patrick Drahi and is headquartered in the Netherlands. It operates in various countries, including the United States, where it spun off its US subsidiary into Altice USA. In 2021, Altice acquired a 12.1% stake in BT, which was later increased to an 18% stake.

Vulnerabilities and Impact

The scale and damage of the attack have not been confirmed, but it has been reported that files from Altice are available for download on the dark web through the Tor browser. Hive, the ransomware group responsible for the attack, has been active since June 2021 and has targeted organizations in the healthcare and financial sectors. The group has been known to demand large ransoms, with a recent demand of nearly €600,000 from two British colleges.

Hive's Tactics

Hive has been using the Rust programming language for its malware, which is relatively difficult to decipher. This change in programming language is believed to be an attempt by Hive to stay under the radar. The group has also been known to target public sector organizations, particularly those involved in healthcare.

Mitigation Strategies

While the article does not provide specific mitigation strategies, it is generally recommended for companies to implement robust cybersecurity measures, such as regular software updates, employee training, and the use of endpoint detection and response (EDR) solutions.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.