ALPHV, aka BlackCat, was reportedly behind the European Pipeline Creos Luxembourg S.A attack…

Continue reading
ALPHV ransomware gang, also known as BlackCat, claimed responsibility for a cyberattack on Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European nation, last week.
Encevo, the owner of Creos and an energy provider in five EU nations, revealed on July 25 that they had been the target of a cyberattack between July 22 and July 23.
Despite the fact that the cyberattack rendered the client portals of Encevo and Creos inaccessible, there was no disruption to the services offered.
The corporation released an update on the incident on July 28, with preliminary investigation findings showing that the network intruders had exfiltrated "some data" from the compromised systems.
Encevo was unable to estimate the scale of the impact at the time and encouraged consumers to be patient until the investigations were complete. Everyone would then receive a customized notice at that time.
Since no additional updates have been uploaded to Encevo's media portal, likely, that this procedure is still in progress. Encevo adds that when additional information regarding the hack becomes available, it will be shared on a dedicated webpage.
All customers are advised to reset their online account credentials, which they used to connect with Encevo and Creos services, for the time being. Additionally, if the same passwords are used on other websites, customers should also change their passwords.
Secure Blink has reached out to Creos to inquire about the impact of the cyberattack, but a representative for the company has declined to comment at this time.
Saturday, the ALPHV/BlackCat ransomware organization added Creos to its extortion website, threatening to release 180,000 stolen files totaling 150 GB, including contracts, agreements, passports, bills, and emails.
While no precise time was specified, the hackers promised that the revelation would come later today (Monday).
ALPHV/BlackCat has recently introduced a new extortion platform that makes stolen data searchable by site visitors to raise the pressure on their victims to pay the ransom.
While BlackCat continues to develop data extortion, they never seem to learn from their failures and continue to target high-profile organizations, which will most certainly draw the attention of international law enforcement agencies.
BlackCat is considered to be a rebranded DarkSide outfit, which ceased operations in response to pressure from law authorities after its highly publicized ransomware attack on Colonial Pipeline.
After disbanding DarkSide, they rebranded as BlackMatter to elude law enforcement, but the pressure was so great that the gang was forced to disband once more.
Since the threat actors' rebranding as BlackCat/ALPHV in November 2021, they tend to bypass large American targets in favor of European entities, such as Austrian states, Italian fashion chains, and a Swiss airport service provider.
However, they have not learned from their blunders and continue to attack vital infrastructure, such as the German fuel delivery company Oiltanking in February and Creos Luxembourg today.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.