Altice, owner of the operator SFR and many TV channels, is the victim of ransomware. The attack was carried out by the Hive gang; the media and communications group refuses to comment on it, and its scope is unknown.
The case has curiously gone under the radar for several weeks, but it is not trivial for all that. As the specialized sites Total Telecom and RedPacket Security have revealed, the Altice group has been the victim of ransomware since the beginning of August. The attack might seem banal, as this form of computer blackmail has spread in recent years, hitting large companies as well as institutions and public bodies. The problem is that Altice is not a company quite like the others: founded by the famous businessman Patrick Drahi, this group with multiple subsidiaries is a leading player in telecommunications and the media since, following various takeovers, it owns the operator SFR and many French radio and television channels, including versions of BFMTV and RMC, and, recently, 6ter and TFX, bought from M6 and TF1. Needless to say, Drahi's empire has highly sensitive data in its files…
Altice: an attack led by Hive, a well-known gang
And that is the problem. As we know, a ransomware attack consists of breaking into computer systems and encrypting files and software to make them inaccessible. The hackers behind this kind of operation demand a ransom, obviously a high one, to restore access to the locked data. Otherwise, they simply destroy the data or disclose it publicly. And while Altice does not seem to have to fear the first threat (its IT teams reportedly have copies in a safe place), the second is quite different: it would amount to releasing sensitive data into the wild, or selling it to the highest bidder on the Dark Net.
The threat is all the more serious and worrying because the operation was reportedly carried out by Hive, a well-known group of hackers that has already distinguished itself in recent years by attacking behemoths such as Fnac/Darty and T-Mobile, the German operator. For the time being, nothing is known of the demands of the gang, which claimed responsibility only two weeks later, on August 25. Nor is anything known of the intentions of Altice, which is maintaining a strict silence on this attack and refusing to comment. Even if we can understand this silence, we are entitled to wonder about the nature of the files encrypted by Hive: are they only data for internal use, obviously necessary for the proper functioning of the group, or do they contain much more sensitive information, related in particular to SFR (and RED) customers? Let's hope that light will soon be shed on this astonishing case.