The Hive ransomware-as-a-service group says it posted customer data obtained during a November attack against French sports retailer Intersport.
The notorious ransomware-as-a-service group posted a tranche of Intersport data to its dark web leak site on Monday and threatened to leak more unless the retailer pays extortion money.
The hack allegedly included passport details of Intersport staff from stores in northern France, their pay slips, a list of former and current employees from other stores, as well as Social Security numbers, French publication Le Monde reported.
La Voix du Nord reported the hack occurred during the Black Friday sales and prevented staff from accessing the cash registers. The incident also forced the stores to do manual restocking.
Hive's initial access methods vary depending on the affiliate executing the ransomware attack. In some cases, affiliates have taken advantage of a lack of multifactor authentication to access Remote Desktop Protocol, VPNs or other remote network connection protocols.
In other cases, the group has bypassed multifactor authentication to gain access to FortiOS servers by exploiting CVE-2020-12812, a now-patched improper authentication vulnerability in Fortinet’s operating system.