Data allegedly belonging to international sports retailer Intersport has been posted onto the dark web blog of prolific ransomware gang Hive.
It follows a cyberattack in November which took place during Black Friday week. The allegedly stolen information appeared on the blog last night.
Founded in France, but now headquartered in Switzerland, Intersport has 5,800 stores worldwide in 65 countries, including 270 in the UK and Ireland.
Has Intersport suffered a cyberattack?
Screen grabs of the blog show that the gang are claiming to have hacked the sportswear company at 16:03 on 23 November. The data was posted to the dark web yesterday, which would suggest that the company has not paid a ransom following the attack. However, no details of any ransom demand have been revealed, and it is not clear if the breach affects the company’s systems outside of France.
Intersport has confirmed it suffered an attack, according to local media reports, with customers informed in-store by a note saying: “We are currently facing a cyberattack on Intersport’s servers which is preventing us from access to our cash registers, the loyalty card service and the gift card service.” The issues continued for several days, with staff unable to access cash registers.
“We are working with manual checkouts, we have to note everything by hand to ensure that stocks follow, which sometimes causes a bit of a delay,” an Intersport store manager told La Voix du Nord.
Tech Monitor has contacted the company for further detail, but it had not responded to our request at the time of writing.
Intersport was the victim of another cyberattack in 2020. According to cybersecurity company ESET, the company was targeted by a Magecart campaign.
Shoppers using the company’s website in Croatia, Serbia, Slovenia and Montenegro were the victims of a skimming attack, in which the victim is taken to a bogus website after clicking “submit” to redeem their purchase and is then lured into paying the wrong person.
Hive creating more buzz with its ransomware
Ransomware-as-a-Service gang Hive has been ramping up its activity throughout this year. “As of November 2022, Hive ransomware actors have victimised over 1,300 companies worldwide, receiving approximately $100m in ransom payments,” stated an FBI advisory last month.
The main targets of the gang are normally the health and education sectors, but they have been happy to branch out into other sectors, with an attack launched on the gas giant PGN earlier this year.
The FBI says Hive is gaining access to victim networks by using single-factor logins via remote desktop protocol and virtual private networks. Criminals using Hive ransomware have also bypassed multi-factor authentication and exploited common vulnerabilities in systems such as the Microsoft Exchange Server email platform to gain access to systems.