A newly emerged hacking group has listed the Chinese-headquartered security camera company Hikvision as a victim of a data breach on its darknet leak site.
The ALP-001 ransomware group posted limited details of the incident in a March 21 leak post, and claimed to have stolen 19.9 terabytes from the company.
A link to sample data is currently broken, although the hackers are threatening to begin publishing the data in 200-gigabyte portions within five days.
No ransom demand was listed by ALP-001, nor any other details regarding the incident.
Hikvision has not responded to Cyber Daily’s request for comment.
Who is ALP-001?
ALP-001’s first victim was only listed on March 21, when the threat actor was first observed by threat researchers.
However, according to analysts at cyber security firm ReliaQuest, the group’s activity has been traced back to an Initial Access Broker active on underground hacking forums in earlier this year.
“The Tox and Session IDs on the leak site matched those we found being used by an established IAB user on Exploit and DarkForums (formerly referring to themselves as ‘Alpha Group’ and ‘DGJT Group’),” ReliaQuest said.
“We also found direct crossovers: a French manufacturing org ($543M revenue) listed on the leak site today exactly matches a January 2026 forum access sale by the same user.”
ReliaQuest believes, therefore, that ALP-001 represents an access broker scaling up to a “full-fledged extortion operation”.
“While they have escrow-verified credibility for selling access, their actual data exfiltration capabilities remain unconfirmed,” ReliaQuest said.
The hackers themselves, however, describe themselves as a “specialised and discreet collective of cybersecurity professionals and data acquisition specialists”.
“We are not activists; we are a pragmatic enterprise,” the group says on its leak site.
“The choice is always yours: a private, financial settlement or a public, irreversible data disclosure.”
Who is Hikvision?
Hikvision is no stranger to cyber security drama. The company, which makes video surveillance equipment, is headquartered in Hangzhou, the capital of Zhejiang province in China, and is partly state-owned.
Several of its products have been found to be host to cyber security vulnerabilities, and it is the subject of several sanction regimes and bans. Hikvision devices are also heavily used in state-run internment camps, and has been linked to mass surveillance of China’s Uyghur population.
Hikvision has offices around the world, including in Australia, and while its cameras remain commercially available, its devices were removed from government buildings in early 2023.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.