Hive Ransomware Group Leaks Data From European Retailer

Black Friday Attack Affected Intersport Outlets in Northern France

The Hive ransomware-as-a-service group says it posted customer data obtained during a November attack against French sports retailer Intersport.

The notorious ransomware-as-a-service group posted a tranche of Intersport data to its dark web leak site on Monday and threatened to leak more unless the retailer pays extortion money.

The hack allegedly included passport details of Intersport staff from stores in northern France, their pay slips, a list of former and current employees from other stores, as well as Social Security numbers, French publication Le Monde reported.

La Voix du Nord reported the hack occurred during the Black Friday sales and prevented staff from accessing the cash registers. The incident also forced the stores to do manual restocking.

The Swiss company has 5,800 outlets across the world, 780 of which are located in France. The company did not immediately respond to a request for comment.

Hive has hit more than 1,300 companies worldwide, collecting about $100 million in ransom payments, the U.S. federal government said in late November.

The group uses a variety of methods to gain access, depending on the affiliate executing the ransomware attack. In some cases, affiliates have taken advantage of a lack of multifactor authentication to access Remote Desktop Protocol, VPNs or other remote network connection protocols. In others, they have bypassed multifactor authentication to gain access to FortiOS servers by exploiting CVE-2020-12812, a now-patched improper authentication vulnerability in Fortinet's operating system.

Other affiliates have used phishing emails containing malicious attachments that take advantage of vulnerabilities in Microsoft Exchange servers, specifically CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523.


About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



