North East BIC Cyber Attack: ALPHV Claims 317GB Data


The ALPHV ransomware group, also identified as Blackcat, has added a UK-based office space rental agency to its list of victims.

The group has claimed to have successfully extracted a substantial 317 GB of data during the North East BIC cyber attack.

The hacker collective has issued a threat, giving the company a three-day ultimatum to respond following their claim of the NE-BIC cyber attack. Failure to comply would result in the public release of the stolen data, read their dark web post.

According to the post, the NE-BIC cyber attack claim was made on August 22, 2023.

North East BIC Cyber Attack

The hackers post noted five attachments with stolen data on their leak site.

North East BIC cyber attack
Screenshot from the dark web portal of ALPHV (Photo: Falcon Feeds/ Twitter)

The website of the NE-BIC was accessible at the time of writing amidst claims of a cyber attack.

The Cyber Express emailed the company seeking comments about the alleged North East BIC ransomware attack. We will update this report based on their response.

Data Stolen from the Alleged North East BIC Cyber Attack

North East BIC cyber attack
ALPHV claims the North East BIC ransomware attack (Photo: Falcon Feeds/ Twitter)

The hackers posted samples of the exfiltrated data from the North East BIC cyber attack on their leak site. Threat Intelligence platform Falcon Feeds tweeted the above screenshots with blurred data from Blackcat’s website.

The images reflected photographs of people on documents. However, the authenticity of the documents was not confirmed by Falcon Feeds.

“About 317 GB of data taken from your main fail servers and has been downloaded. You have 3 days for contact with us to decide this pity mistake, which made your IT department, decide what to do next step,” Blackcat wrote in the NE BIC ransomware attack message.

The hackers threatened to publish the data which they wrote were citizens’ confidential documents. The dataset contained the following information internal company data –

  1. Employees’ personal data
  2. Curriculum Vitae (CV)
  3. Driving License (DL)
  4. Social Security Number (SSN)
  5. Financial reports
  6. Accounting data
  7. Information about loans
  8. Insurance data
  9. Agreements

The client documents stolen in the North East BIC cyber attack included the following information –

  1. Driving License
  2. Identity Document (ID)
  3. Social Security Numbers
  4. Financial data
  5. Credit card data
  6. Information about loans
  7. Agreements

The hackers also stated that they were in possession of other commercial confidential data from the NE-BIC cyber attack.

North East BIC and Blackcat ransomware group

North East BIC is a non-profit social enterprise based in Sunderland, UK. The company offers business scaling support to promote innovation and growth.

North East BIC recently received an award from the Ministry of Defence’s Employer Recognition Scheme (ERS) for its ongoing support to the nation’s armed forces community.

ALPHV ransomware group listed several organizations on its victim list in the recent past. Ransomware News, a source that shares information about cyber attack assertions discovered on the dark web, has highlighted several incidents claimed by Blackcat.

Some of the claims by the ransomware group include –

  1. Sirius Computer Solutions
  2. Atlantic Federal Credit Union
  3. Triune Technofab Private Limited
  4. Davidoff Hutcher & Citron
  5. Seiko Group Corporation
North East BIC cyber attack
Screenshot of ALPHV’s API integration (Photo: Cyble Blog)

ALPHV was also mentioned in threat intelligence reports for the API feature found on its leak site.

Explaining the feature on ALPHV’s dark web portal, a Cyble blog noted – “ALPHV ransomware released a Python crawler designed to synchronize their leak posts and attachments with any database.”

“The crawler has a feature that ensures that only modified or new articles are considered for synchronization by utilizing the updatedDt field,” the threat intelligence report further added.

Out of the several benefits to the hacker group, the Cyble blog noted that this new addition could be beneficial in accessing old and new leak posts and attachments with exfiltrated data.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link