ALPHV Ransomware Gang Behind Reddit Cyberattack

On February 5th, Reddit suffered a cyberattack in which the BlackCat (ALPHV) ransomware gang claimed to have stolen 80GB of data from the company. Reddit disclosed that one of its employees fell victim to a phishing attack, allowing the threat actors to gain access to the company’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers. However, Reddit confirmed that no user passwords, accounts, or credit card information were affected. Although it resembles the earlier phishing attack on Riot Games, the Reddit phishing attack did not involve any ransomware encryption.

According to a post by Reddit CTO Christopher Slowe, aka KeyserSosa, the phishing attack allowed the threat actors to obtain a single employee’s credentials, which then gave them access to some internal documents, code, internal dashboards, and business systems. However, Reddit confirmed that primary production systems, which run Reddit and store the majority of the data, were not breached.

BlackCat’s Demand for Ransom

The ALPHV ransomware operation, more commonly known as BlackCat, now claims responsibility for the February 5th cyberattack on Reddit. The gang claims to have stolen 80GB of compressed data from the company and now plans to leak the data. The ransomware operation attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted. However, Reddit did not respond to the demand. The threat actors threatened to leak all the statistics that Reddit tracks about its users and the confidential data they took. The group also claimed that Reddit silently censors users and that they have artifacts from their GitHub.

According to BleepingComputer, this is the same attack that Reddit disclosed in February. However, Reddit declined to comment about BlackCat’s post.

Similar Attack on Western Digital

The hacking group behind the Reddit phishing attack is believed to be linked to a similar attack on Western Digital in March 2023, which caused a massive outage of the company’s My Cloud cloud service. The threat actors initially claimed not to have a name, but screenshots of the stolen data were leaked on the ALPHV data leak site, with the threat actors taunting the company about the attack. Western Digital sent data breach notifications in May, warning online store customers that their data was stolen during the attack.

Forum post selling Riot Games source code
Source: BleepingComputer
“The Reddit Files” post on BlackCat data leak site
Source: BleepingComputer

Sources: Reddit, Dominic Alvieri, and BleepingComputer
