Friday 9th September 2022

IntSum – Week 36 | 5th – 9th September 2022

Key Issue: Hive ransomware affiliates compromise French fashion giant Damart
Cybercriminals: Ransomware groups target organisations in large networks

NationState: Newly identified state units launch highly targeted campaigns
Hacktivists: AgainstTheWest continues targeting Chinese entities



Our key issue this week covers the compromise of the French fashion giant, Damart by affiliates of the ransomwareasaservice gang, Hive. Hive affiliates compromised Damart’s Active Directory, which enables user authentication across the target network’s systems and applications. However, the affiliates were detected by Damart’s security team after attempting to install a backdoor on the network, preventing the perpetrators from establishing a connection to its CommandandControl infrastructure. With minimal time to conduct internal reconnaissance and identify valuable assets on the network to encrypt, the affiliates executed
partial encryption of Damart’s servers before the company shut down its servers to prevent further damage.

In a ransom note delivered to Damartex, Damarts parent company, the affiliates demanded USD 2 million in Bitcoin to provide a decryption key. This incident reaffirms that Hive affiliates remain focused on big game hunting operations, targeting highprofile entities to maximise its profits. Damartex, which generated EUR 719 million over the 2021 fiscal year, was likely selected due to its financial strength. This incident also demonstrates that despite early detection, ransomware extortionists can rapidly execute partial encryptions and create sufficient disruption.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.