A newly emerged hacking group has listed the China-headquartered security camera company Hikvision as a victim of a data breach on its darknet leak site.
The ALP-001 ransomware group posted limited details of the incident in a 21 March leak post and claimed to have stolen 19.9 terabytes from the company.
A link to sample data is currently broken, although the hackers are threatening to begin publishing the data in 200-gigabyte portions within five days.
No ransom demand was listed by ALP-001, nor were any other details regarding the incident provided.
Hikvision is investigating the claims.
“Hikvision is aware of reports that it has been named by a threat actor and is actively investigating these claims," a company spokesperson told Cyber Daily.
"At this time, we have seen no evidence of ransomware or operational disruption.”
Who is ALP-001?
ALP-001’s first victim was only listed on 21 March, when the threat actor was first observed by threat researchers.
However, according to analysts at cyber security firm ReliaQuest, the group’s activity has been traced back to an initial access broker (IAB) active on underground hacking forums earlier this year.
“The Tox and Session IDs on the leak site matched those we found being used by an established IAB user on Exploit and DarkForums (formerly referring to themselves as ‘Alpha Group’ and ‘DGJT Group’),” ReliaQuest said.
“We also found direct crossovers: a French manufacturing org ($543 million revenue) listed on the leak site today exactly matches a January 2026 forum access sale by the same user.”
ReliaQuest believes, therefore, that ALP-001 represents an access broker scaling up to a “full-fledged extortion operation”.
“While they have escrow-verified credibility for selling access, their actual data exfiltration capabilities remain unconfirmed,” ReliaQuest said.
The hackers themselves, however, describe themselves as a “specialised and discreet collective of cyber security professionals and data acquisition specialists”.
“We are not activists; we are a pragmatic enterprise,” the group said on its leak site.
“The choice is always yours: a private, financial settlement or a public, irreversible data disclosure.”
Who is Hikvision?
Hikvision is no stranger to cyber security drama. The company, which makes video surveillance equipment, is headquartered in Hangzhou, the capital of Zhejiang province in China and is partly state-owned.
Several of its products have been found to be host to cyber security vulnerabilities, and it is the subject of several sanction regimes and bans. Hikvision devices are also heavily used in state-run internment camps and have been linked to mass surveillance of China’s Uyghur population.
Hikvision has offices around the world, including in Australia, and while its cameras remain commercially available, its devices were removed from government buildings in early 2023.
UPDATED 26/03/26 to add Hikvision commentary.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.