"Hive Ransomware Group Leaks Data From European Retailer"

The Hive Ransomware-as-a-Service (RaaS) group claims to have published customer data obtained during an attack on French sports retailer Intersport in November. The notorious RaaS group leaked some Intersport data to its dark web leak site and threatened to leak more unless the retailer paid extortion money. According to the French publication Le Monde, the hack allegedly included passport information for Intersport employees from stores in northern France, pay slips, a list of former and current employees from other stores, and Social Security numbers. La Voix du Nord reported the hack occurred during Black Friday sales and prevented employees from accessing cash registers. The incident also required manual restocking at the stores. The Swiss company operates 5,800 stores worldwide, 780 of which are in France. According to the US federal government, Hive has impacted over 1,300 businesses worldwide, collecting approximately $100 million in ransom payments. Depending on the affiliate carrying out the ransomware attack, the group employs various methods to gain access. Affiliates have used a lack of multi-factor authentication (MFA) to gain access to Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), and other remote network connection protocols in some cases. In other cases, it has evaded MFA by exploiting CVE-2020-12812, a now-patched improper authentication vulnerability in Fortinet's operating system. This article continues to discuss the Hive RaaS group leaking customer data stolen from Intersport. 

InfoRiskToday reports "Hive Ransomware Group Leaks Data From European Retailer"