Hive Ransomware Group Leaks Data From European Retailer
Black Friday Attack Affected Intersport Outlets in Northern France
The Hive ransomware-as-a-service group says it posted customer data obtained during a November attack against French sports retailer Intersport.
The notorious ransomware-as-a-service group posted a tranche of Intersport data to its dark web leak site on Monday and threatened to leak more unless the retailer pays extortion money.
The hack allegedly included passport details of Intersport staff from stores in northern France, their pay slips, a list of former and current employees from other stores, as well as Social Security numbers, French publication Le Monde reported.
La Voix du Nord reported the hack occurred during the Black Friday sales and prevented staff from accessing the cash registers. The incident also forced the stores to do manual restocking.
The Swiss company has 5,800 outlets across the world, 780 of which are located in France. The company did not immediately respond to a request for comment.
Hive has hit more than 1,300 companies worldwide, collecting about $100 million in ransom payments, the U.S. federal government said in late November.
The group uses a variety of methods to gain access, depending on the affiliate executing the ransomware attack. In some cases, affiliates have taken advantage of a lack of multifactor authentication to access Remote Desktop Protocol, VPNs or other remote network connection protocols. In others, they have bypassed multifactor authentication to gain access to FortiOS servers by exploiting CVE-2020-12812, a now-patched improper authentication vulnerability in Fortinet's operating system.
Other affiliates have used phishing emails containing malicious attachments that take advantage of vulnerabilities in Microsoft Exchange servers, specifically CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523.