Roblox and Twitch data allegedly got into the hands of the notorious ALPHV/BlackCat ransomware cartel after attackers supposedly breached an accounting software provider, Tipalti.
ALPHV ransomware posted Tipalti, a Canada-based accounting software fintech, on its dark web blog, which the gang uses to showcase its latest victims. Somewhat unusually, ALPHV immediately resorted to extorting the victim’s clients. The move is likely meant to encourage ransom negotiation.
Cybercrooks claim they breached Tipalti in early September and managed to remain undetected for months, allegedly exfiltrating over 265 GB of sensitive company data, including information on its employees and customers.
We reached out to Tipalti, Roblox and Twitch for comment but did not immediately receive a reply.
Tipalti’s website claims the company provides accounts payable, procurement, and global payments automation software for businesses. Besides Roblox and Twitch, Tipalti lists X (formerly Twitter), GoDaddy, National Geographic, Business Insider, SkillShare, Canva, and others among its clients.
In an unusually long post on its dark web blog, ALPHV insisted it would target Tipalti, Roblox, and Twitch. The gang’s strategy appears to be to threaten Tipalti with publishing data on its other customers, using recognizable brands such as Roblox and Twitch as examples.
“We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then,” attackers said.
ALPHV threatened Roblox, the popular game platform and game creation system, separately, claiming it will “individually extort affected parties such as their creators,” as the supposed Tipalti breach revealed data on creator tax documents.
In early July 2022, a threat actor breached an employee account of Roblox Corporation and posted a cache of internal documents online. The hacker released a 4GB archive of internal documents in a forum post for public viewing.
Who is ALPHV/BlackCat ransomware?
ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a Ransomware-as-a-Service (RaaS) business, selling malware subscriptions to criminals.
According to an analysis by Microsoft, the threat actors that began deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.
The FBI believes that money launderers for the ALPHV/BlackCat cartel are linked to the Darkside and Blackmatter ransomware cartels, indicating that the group has a well-established network of operatives in the RaaS business.
The gang gained international attention earlier this year after it, together with Scattered Spider hackers, attacked MGM Resorts International and Caesars Entertainment.
According to Ransomlooker, Cybernews’ ransomware monitoring tool, ALPHV was among the most active gangs in the last 12 months, victimizing over 320 organizations worldwide.