IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data.
HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.
While HTC has not posted a statement to the company website, they issued a brief announcement last night on X confirming the attack.
This announcement comes after the ALPHV ransomware gang listed HTC on their data leak site, along with screenshots of allegedly stolen data.
The leaked data includes passports, contact lists, emails, and confidential documents allegedly stolen during the attack.
While little information about the attack on HTC is available, cybersecurity professional Kevin Beaumont believes the company was breached using the Citrix Bleed vulnerability.
According to Beaumont, one of HTC's business units, CareTech, operated a vulnerable Citrix NetScaler device, which was exploited for initial access to the company's network.
BleepingComputer has contacted HTC Global Services with questions about the attack and whether they were breached using Citrix Bleed, but a response was not immediately available.
The ALPHV/BlackCat ransomware operation, launched in November 2021, is believed to be a rebrand of the DarkSide and BlackMatter ransomware operations.
After the group rebranded again as BlackMatter in July 2021, its operations abruptly ceased in November 2021 when authorities seized its servers and security firm Emsisoft created a decryptor exploiting a vulnerability in the ransomware.
This ransomware operation is known for consistently targeting global enterprises and continuously adapting and refining its tactics, and it has seen a surge in attacks recently.
This evolution includes working with English-speaking threat actors, who utilize their encryptors and infrastructure to launch extortion attacks.
In a recent incident, a group of English-speaking affiliates tracked as Scattered Spider claimed responsibility for the attack on MGM Resorts, saying they encrypted over 100 ESXi hypervisors during the attack.
The ransomware operation has also recently attacked a publicly owned electricity provider and a hospital network, both classified as critical infrastructure in the United States.
The attacks on critical infrastructure may once again be the tipping point that leads to increased scrutiny by US law enforcement.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 06 Dec 2023 00:00:08 +0000