As a result of a large-scale FBI operation against Alphv (BlackCat), the cybercriminal group faced serious problems. The FBI seized Alphv's site on the dark web, which could damage its reputation and operations.
On December 7, the group's negotiation and data leak sites on the Tor network suddenly stopped working. Alphv administrators attributed the outage to hosting issues, but it soon became clear that the cause was a law enforcement operation. Later, the US Department of Justice announced that the FBI had successfully penetrated the infrastructure of the Alphv (BlackCat) extortion group. The operation allowed agents to monitor the hackers' actions and obtain decryption keys.
The incident occurred after a high-profile attack on the MGM Resorts International casino, which attracted significant attention and caused substantial losses for the company. Barrier Networks emphasized that such cybercrimes inevitably draw the attention of law enforcement agencies.
Although the group continues its activities, finding new partners will be difficult. The authorities have issued a warning against collaboration with Alphv, weakening the group's position and demonstrating its vulnerability. The FBI operation has also severely damaged Alphv's reputation. The group operated by sharing part of its income with its affiliates. However, any indication that law enforcement is present among the group's members can deter potential partners.
Following the FBI announcement, the group threatened to attack nuclear power plants and critical infrastructure, and tried to attract new participants with a promise of a 90% share of the ransom. However, its competitor, the LockBit group, quickly started recruiting affiliates and participants from Alphv. LockBit offered them the use of its data leak site and negotiation panel, especially if the affiliates have copies of stolen data.
Binary Defense pointed out that this incident could lead to the sale of ALPHV's source code and the emergence of new ransomware campaigns. Some ALPHV affiliates, such as the Scattered Spider team suspected of being behind the attacks on MGM and Caesars, are capable of operating independently. It is also believed that ALPHV members might join other extortion groups.
By seizing Alphv's dark web infrastructure and releasing a decryption tool, the FBI has helped many victims recover their data. However, the global fight against cybercrime continues, as there are always new attackers ready to take Alphv's place.