Data on the Darknet: ALPHV hacks US defense company Ultra  


Most recently, BlackCat, with its ALPHV ransomware, was fighting the FBI. Now the APT group has landed a new hack: the US company Ultra I&C, which supplies Switzerland, NATO and many other countries with military equipment and cybersecurity, is said to have lost 30 GB of data, which is available for download on the dark web.

There is currently no official statement from Ultra I&C (Ultra Intelligence & Communications) on the hack by the Russian APT group BlackCat with its ALPHV ransomware, but other bodies, such as the Swiss Army, have commented. The Federal Department of Defense, Civil Protection and Sport, DDPS for short (VBS in German), confirmed the hacker attack to the SRF. The DDPS comment reads: “Armasuisse and the Defense Group were informed of the ransomware attack by the company Ultra Intelligence & Communications.” According to current knowledge, operational systems of the Swiss Army are not affected.

30 GB of data from Ultra I&C probably on the darknet

🔎 BlackCat's leak page with the ALPHV ransomware claims to have stolen 30 GB of sensitive data from the defense company Ultra (Image: B2B-C-S).

The BlackCat / ALPHV group's leak page shows an entry with lots of data and screenshots. The SRF has probably viewed some of the data and reports on a contract it found between the DDPS and the US company Ultra I&C for almost five million dollars. According to the leaked documents, the Swiss DDPS purchased technology for the Air Force's encrypted communications.

BlackCat-ALPHV writes on its site: “Our team penetrated Ultra I&C's network and stole approximately 30 GB of sensitive data from there. We had enough time to get our hands on some interesting papers.” According to the SRF's investigation with an expert, the leaked data shows that Ultra I&C carries out orders worldwide for defense companies, police and military authorities, including the FBI and NATO.

What is particularly sensitive is the fact that Ultra I&C also sells cybersecurity products. Those responsible still have to clarify to what extent the data leak and the stolen data may contain important secrets. Partners and customers will certainly expect comprehensive answers and expertise.

BlackCat / ALPHV weakened by the FBI?

The FBI's last operation is certain to have severely weakened the infrastructure of the APT group BlackCat / ALPHV. As a counter-action, the group, which is probably Russian, published a statement saying that there would be no more limits in its coming actions. The current attack was probably not aimed at blackmail. Based on the current situation, it was probably just an attack intended to cause as much damage and unrest as possible among Western allies.
