Social media site Reddit reported a hacking incident for which the ALPHV Russian ransomware group has now claimed to be the perpetrator. The group threatens to leak censorship and other sensitive, stolen information in relation to Reddit if the company does not pay $4.5 million.
Reddit had reported the data breach on February after an employee fell victim to a phishing attack, giving passwords that allowed access to a part of the company’s files.
The ransomware group ALPHV, also known as BlackCat, claimed the attack on Saturday, BleepingComputer reported.
BlackCat claimed to have stolen 80 gigabytes (GB) of data from Reddit, including internal documents, source code, employee data, and advertiser data.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” said Reddit chief technology officer Christopher Slowe in a post.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
BlackCat has posted an article on its data leaking website and says it plans to leak the data if Reddit does not pay $4.5 million. The hacking group said it contacted Reddit in April and June, asking for the money.
“I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data,” BlackCat’s post says.
“But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took. Did you know they also silently censor users? Along with artifacts from their GitHub!”
The hacking group also demanded the withdrawal of a pricing change Reddit recently did for third-party use of its website.
Reddit did not comment on the hacking group’s post.
The company said that no user passwords, accounts, or credit card information were stolen. It also said the attack was similar to a phishing attack on a video games company that allowed hackers to steal games’ source code.
The hacking group BlackCat did not encrypt, or lock, data for the Reddit attack, even though it is a ransomware group.
Australian Attack
BlackCat has also infiltrated the Australian law firm HWL Ebsworth, obtaining information from the Office of the Australian Information Commissioner (OAIC), a client of the firm, according to a June 15 report.
One of the biggest business law companies in Australia, HWL Ebsworth, offers expert assistance to the OAIC.
This comes after AlphV stole four terabytes of corporate data, including personnel information, in April.
On June 8, the hacker collective was reported to have released more than 1.45 terabytes of sensitive data on the dark web. However, since HWL Ebsworth has a variety of governmental and business clients, it is unclear what information has been released.
“Cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm,” a company spokesman told the Ausstralian Associated Press. “We are investigating this claim and are seeking to identify what data may have been published.”
The same hacking group released screenshots of stolen data from an attack on computer drive manufacturer Western Digital in March 2023.
BlackCat taunted the company about the attack, which caused an outage to its cloud service.
Western Digital sent notifications to online customers in May, telling them their data had been stolen during the attack, BleepingComputer reported.
Attack on Federal Agencies
The nation’s cyber watchdog agency reported on June 15 that the U.S. government was the target of a global hacking campaign that exploited a vulnerability in a widely used software.
The U.S. Cybersecurity and Infrastructure Security Agency said in a statement that several federal agencies had been compromised after the discovery of a vulnerability in the file-transfer software MOVEit.
CISA did not identify the affected agencies or specify how they were affected.
The online extortion group Cl0p has claimed responsibility for the MOVEit breach. The group wrote that government agencies, cities, and police services should not worry because they had already erased the data.
Microsoft Attack
Microsoft also said on Friday that the outages that affected certain services of the company through some of the earlier days of this month were the result of cyberattacks, but said it saw no evidence of any customer data being accessed or compromised.
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability,’” the company said in a blog post.
Microsoft said it opened an investigation and began tracking the DDoS activity by the threat actor it refers to as Storm-1359 after it identified the threat.
DDoS attacks work by directing high volumes of internet traffic toward targeted servers in a relatively unsophisticated bid to knock them offline.
Microsoft’s 365 software suite, including Teams and Outlook, were down for more than two hours for more than thousands of users on June 5 ,and a brief recurrence the following morning. That was the fourth such outage for Microsoft in a year.
Savannah Hulsey Pointer and Reuters contributed to this report.