The ALPHV and BlackCat leak sites have been disrupted for days. Some of them cannot be accessed or do not show any content. In darknet forums, admins from other APT groups claim that the servers have been taken over by ALPHV.
The Advanced Persistent Threat (APT) group ALPHV, also known as BlackCat, is a ransomware group that first emerged in November 2021. The group is known for carrying out sophisticated ransomware attacks on companies and organizations around the world. But for a few days now, the ransomware group's leak pages have either not been accessible or show no content.
Darknet admins talk about raid on ALPHV
The operators and admins at ALPHV and BlackCat are not really talkative. The ALPHV admin only reported on the darknet with the sentence “Everything will work soon”. However, has The security company Redsense posted a conversation on LinkedInthat confirms the rumor of a raid on the server. It states: “…threat actors, including BlackCat affiliates and Initial Access Brokers, believe the shutdown was caused by a law enforcement operation. In particular, other ransomware executives from the top groups directly connected to AlphV (or even connected through a collective partnership), particularly admins and team leads from Royal/BlackSuit, BlackBasta, LockBit and Akira, also confirm this.”
In the last major operation, the ALPHV group hacked some casinos and hotels in Las Vegas and demanded a ransom. Perhaps this was one of the group's last actions. Because the FBI and many other police organizations are catching more and more people responsible for cyber attackers and dismantling the groups. That's what happened dismantling the Ragnar Locker ransomware gangwhich QBot or Qakbot network dissolved or last HIVE members arrested.
Editor/sel
Matching articles on the topic