Access control giant hit by ransom attack, NATO, Alibaba, Thales and others affected

ALPHV/BlackCat, a ransomware group suspected of being linked to Russia, has attacked security access control manufacturer Automatic Systems, potentially affecting NATO, Alibaba, Thales, and several other entities and organizations.

Following the attack, ALPHV/BlackCat posted information about affected Automatic Systems customers on a dark web leak site, including more than one hundred samples of stolen data such as non-disclosure agreements and copies of passports.

Soon after, Automatic Systems posted a message on its website acknowledging the cyberattack. The company stated that the breach occurred on June 3, that the threat actors targeted some of its servers, and that upon detecting the attack it immediately took protective measures to stop the spread of the ransomware.

ALPHV/BlackCat said it stole a large amount of personal information, financial data, passport details and other information from Automatic Systems' partners and customers.

In a post on a dark web blog, the group said the stolen data included confidential documents on cooperation with NATO, procurement of equipment for military companies, and detailed plans for the installation and use of such equipment. In addition, the posts indicate that Alibaba appears to have a business relationship with the victim, Automatic Systems.

Automatic Systems says the attack is under investigation and that it has contacted law enforcement authorities in Belgium, where it is headquartered. The company, which employs nearly 400 people and manufactures vehicle, pedestrian and passenger access control systems, is a subsidiary of French manufacturing giant Bolloré.

What is ALPHV/BlackCat ransomware?

First discovered by security researchers in 2021, ALPHV/BlackCat is a group that operates a ransomware-as-a-service (RaaS) business, selling malware subscription services to criminals, and is known for its use of the Rust programming language. According to a Microsoft analysis, ALPHV/BlackCat ransomware has partnered with other well-known ransomware families such as Conti, LockBit and REvil.

ALPHV/BlackCat has become one of the most active ransomware groups today, and the FBI believes the ALPHV/BlackCat cartel's money launderers have ties to the Darkside and Blackmatter ransomware cartels, suggesting the group may have a well-established network in the RaaS business.

Judging from data made public by cybersecurity analyst ANOZR WAY, the ALPHV/BlackCat cartel may be responsible for about 12 percent of the ransomware attacks that occurred in 2022. In mid-May, the ALPHV/BlackCat cartel compromised the Mazars Group, an international auditing, accounting and consulting firm.

In early June, the ALPHV/BlackCat group attacked Casepoint, a legal technology platform used by U.S. courts, the U.S. Securities and Exchange Commission and the Department of Defense.
