IT services and business consulting firm HTC Global Services has fallen victim to a cyberattack initiated by the ALPHV ransomware group, which has subsequently leaked screenshots of pilfered data. HTC Global Services, a managed service provider catering to the healthcare, automotive, manufacturing, and financial sectors, confirmed the incident after ALPHV listed the company on its data leak site.

Although HTC Global Services has not provided an official statement on its website, it posted a brief announcement on its X account acknowledging the cybersecurity incident. The company said it is actively investigating and resolving the incident to safeguard the integrity and security of user data, and emphasized that it has enlisted cybersecurity experts for mitigation.

The ALPHV ransomware gang, previously known as DarkSide and BlackMatter, gained notoriety for high-profile attacks, including the Colonial Pipeline breach. In this recent incident, the leaked data allegedly includes passports, contact lists, emails, and confidential documents.

HTC Global Services listing on the ALPHV data leak platform

While specifics about the HTC attack are limited, cybersecurity expert Kevin Beaumont suggests that the attackers might have exploited the Citrix Bleed vulnerability. Beaumont points to CareTech, one of HTC’s business units, operating a vulnerable Citrix NetScaler device as the potential entry point for initial access.

The ALPHV group, with roots in DarkSide and BlackMatter, has demonstrated a propensity for targeting global enterprises and continuously refining its tactics. The group, involved in extortion attacks, has recently collaborated with English-speaking threat actors to expand its reach. Notably, affiliates such as Scattered Spider claimed responsibility for the MGM Resorts attack, encrypting over 100 ESXi hypervisors.

In the current landscape, ALPHV affiliates have targeted companies like Tipalti, engaging in extortion practices individually. The group has also directed attacks towards critical infrastructure entities in the United States, posing potential risks that may trigger heightened scrutiny from U.S. law enforcement.

The incident involving HTC Global Services underscores the escalating threats faced by organizations from sophisticated ransomware groups. It highlights the critical importance of robust cybersecurity measures and ongoing vigilance to counter evolving cyber threats, particularly in sectors deemed essential or critical infrastructure.
