HTC Global Services has confirmed it suffered a cyber attack after the BlackCat ransomware group (also known as ALPHV) recently leaked photos of what it claimed to be data stolen from the IT services and business consulting company. The data includes passports, contact lists, emails and confidential documents. In a short statement posted on X (formerly Twitter), HTC said it has encountered a “cyber security incident” which it is investigating.
While few details are currently known about the nature and extent of the incident, cyber security researcher Kevin Beaumont suggested that HTC was breached as a result of the Citrix Bleed vulnerability.
“HTC has experienced a cyber security incident. Our team has been actively investigating and addressing the situation to ensure the security and integrity of user data,” the firm’s statement read. “We’ve enlisted cyber security experts and are working to resolve it. Your trust is our priority.”
Commenting on the incident, Kennet Harpsøe, senior cyber analyst at cyber security company LogPoint, said that it appears that HTC is being actively extorted by the BlackCat/ALPHV group. “It’s unclear if BlackCat has hit HTC with ransomware and is thus engaging in double extortion or if they have simply skipped the ransomware and gone straight to extortion with leaked data. A strategy we have seen others employ lately.”
The probable initial attack vector – the Citrix Bleed vulnerability – was published in mid-October but has been actively exploited since at least August of this year, making it a zero-day vulnerability, Harpsøe said. “This underscores the importance of patching published vulnerabilities but also that zero days are unavoidable, underscoring the need for defense in depth.”
The BlackCat/ALPHV ransomware group – known for employing some of the most ruthless extortion tactics ever seen, including leaking clinical photos of breast cancer patients – has been prolific in its malicious activity recently. Last month, the gang reported one of its victims to the US Securities and Exchange Commission (SEC) for failing to comply with a four-day cyber attack disclosure rule. The unprecedented move was an effort to exert more pressure on software company MeridianLink, from which BlackCat/ALPHV claimed to have stolen customer data and operational information.
In the same week, the group was tracked attacking corporations and public entities in the Americas and Europe in a malvertising campaign. A Russian-speaking affiliate of the gang adopted new attack tactics to infect targets – using Google Ads to deliver Nitrogen malware – according to eSentire research. The group was also behind the $100 million MGM Resorts cyber attack in September.