HTC Global Services, an IT services and business consulting company, has confirmed a cyberattack after the ALPHV ransomware gang leaked screenshots of stolen data.
The company announced the incident through its X account on Wednesday, stating that they are “actively investigating and addressing the situation to ensure the security and integrity of user data.” They have also engaged cybersecurity experts to assist with the investigation and resolution.
The ALPHV data leak site listed HTC alongside screenshots of allegedly stolen data, including passports, contact lists, emails, and confidential documents. Cybersecurity expert Kevin Beaumont believes the attack may have exploited the Citrix Bleed vulnerability through a susceptible Citrix Netscaler device used by one of HTC’s business units.
ALPHV, formerly known as DarkSide and BlackMatter, is a ransomware operation known for targeting global enterprises and adapting its tactics. Recently, the group has collaborated with English-speaking threat actors, leading to attacks like the encryption of 100 ESXi hypervisors at MGM Resorts.
The attack on HTC Global Services highlights the ongoing threat posed by ransomware gangs, particularly their targeting of critical infrastructure. This incident may prompt increased scrutiny from US law enforcement and further emphasize the importance of cybersecurity measures for businesses.
It is important to note that HTC Global Services has not yet publicly confirmed the specific nature of the attack or the extent of the data breach. Further information is expected to be released as the investigation progresses.