BlackCat is targeting European natural gas pipeline network operator Creos
The ALPHV ransomware gang widely known as BlackCat has taken responsibility for attacking Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European country. As a result of the cyberattack, the customer portals of Creos were unavailable although they continued with the service.
Creos posted an update about the cyberattack on July 28 after a thorough investigation which state that the threat actors were able to intrude the network to exfiltrate certain data to compromise the system. Initially, the company asked its customers to be patient until they investigate the scope of the impact at the same time the company urged its customers to change all credentials used for interacting with the company.
According to a source, the BlackCat ransomware group threatened Creos that they will publically publish 150 GB of all extorted data totaling 180,000 files including contracts, agreements, passports, bills, and emails. BlackCat ransomware has been observed to publish stolen data on an extortion site which can be easily reached by visitors. BlackCat has been targeting big profile companies similar to Creos. They have extorted data from DarkSide via extortion which lead to its closure and after completely shutting down the company BlackCat rebranded as BlackMatter to hide from law enforcement as they broke several international laws.
BlackCat is also observed to avoid big enterprise networks in America while they continued targeting European companies such as Austrian states, Italian fashion chains, Swiss airport service providers, and recently natural gas pipeline network Creos.