Friday 9th September 2022
IntSum – Week 36 | 5th – 9th September 2022
Key Issue: Hive ransomware affiliates compromise French fashion giant Damart
Cybercriminals: Ransomware groups target organisations in large networks
Nation–State: Newly identified state units launch highly targeted campaigns
Hacktivists: AgainstTheWest continues targeting Chinese entities
KEY ISSUE EXPLAINED
Our key issue this week covers the compromise of the French fashion giant Damart by affiliates of the ransomware–as–a–service gang Hive. Hive affiliates compromised Damart’s Active Directory, which enables user authentication across the target network’s systems and applications. However, Damart’s security team detected the affiliates after they attempted to install a backdoor on the network, which prevented the perpetrators from establishing a connection to their Command–and–Control infrastructure. With minimal time to conduct internal reconnaissance and identify valuable assets on the network to encrypt, the affiliates executed a partial encryption of Damart’s servers before the company shut down its servers to prevent further damage.
In a ransom note delivered to Damartex, Damart’s parent company, the affiliates demanded USD 2 million in Bitcoin to provide a decryption key. This incident reaffirms that Hive affiliates remain focused on big game hunting operations, targeting high–profile entities to maximise their profits. Damartex, which generated EUR 719 million over the 2021 fiscal year, was likely selected due to its financial strength. This incident also demonstrates that, despite early detection, ransomware extortionists can rapidly execute partial encryptions and create sufficient disruption.