cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

ALPHV is back, but it had to start from scratch

Following its almost week-long outage, the ALPHV ransomware group has brought its dark web leak site back online; however, not all is back to normal.

user icon Daniel Croft
Fri, 15 Dec 2023
ALPHV is back, but it had to start from scratch
expand image

The leak site, as observed by Cyber Daily, is missing the entire database of its prior data breaches.

At the time of writing, only one listing is present on the leak site that claims to contain the data of business management consultant Advantage Group International.

ALPHV claims to have eight terabytes of data from Advantage Group International, which includes data from major clients, including “Coca-Cola, Procter & Gamble, Pepsi, etc.”


“Since the company representatives fail to keep their promises in negotiations and continue to ignore us, the decision has been made to release a teaser, and in 72 hours, 100% of the data will be made public. Dear representatives, you still have a chance to avert a disaster,” it added.

Data reportedly includes contact details of those from “top world company”, non-disclosure agreements, legal cases, SSNs, DLs, all employee browser passwords and “many other documents that hold secrets for their clients”.

As serious as this latest attack may be, the elephant that is, or really isn’t, in the room – all of ALPHV’s previous heists are now missing.

This includes some big-name victims, including as part of the supply chain attack on Australian law firm HWL Ebsworth, which resulted in government agencies such as the Office of the Australian Information Commissioner (OAIC) and the big four banks suffering data breaches, just to name a few.

ALPHV’s site was downed last week on 7 December, and while the group had said it would be up shortly following the outage, it remained down for days.

While there is no confirmation on who brought down the leak site, many parties are speculating that law enforcement may have been involved.

One group called RedSense Intelligence published a post on X (formerly Twitter) saying it was able to confirm that law enforcement was responsible for the outage.

While there is currently no concrete evidence to suggest that law enforcement is behind ALPHV’s site going down, prior law enforcement operations have resulted in similar outages, such as the FBI attacks on REvil and Hive.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.