{ "id": "a540ae41-c79a-4939-81aa-f7ef9c083f5f", "created_at": "2026-04-06T00:22:22.689425Z", "updated_at": "2026-04-10T03:29:39.91244Z", "deleted_at": null, "sha1_hash": "7a558165fad8a05e56e60b3ead9125f14b5fa3cc", "title": "BlackCat, Clop claim ransomware attack on cosmetics maker Estée Lauder", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 32621, "plain_text": "BlackCat, Clop claim ransomware attack on cosmetics maker\r\nEstée Lauder\r\nBy Daryna Antoniuk\r\nPublished: 2023-07-19 · Archived: 2026-04-05 17:40:49 UTC\r\nU.S. cosmetics manufacturer Estée Lauder has suffered a cyberattack, the company confirmed on Tuesday.\r\nAccording to a company statement, hackers gained unauthorized access to its systems and stole some data.\r\nEstée Lauder, the owner of the brands Clinique, MAC and Dr. Jart+, shut down some of its systems to mitigate the\r\nincident and launched an investigation in cooperation with law enforcement and cybersecurity experts.\r\n“The incident has caused and is expected to continue to cause disruption to parts of the company’s business\r\noperations,” its statement said. The nature and the scope of the attack are yet to be determined.\r\nTwo ransomware groups, Clop and ALPHV, also known as BlackCat, listed Estée Lauder as a victim.\r\nThe BlackCat hackers claimed to have successfully stolen more than 130 gigabytes of the company's data, but did\r\nnot encrypt the network. They also claimed to have operated independently from Clop, who may have exploited\r\nvulnerabilities in the MOVEit file transfer software to target the company.\r\nThis incident comes at a difficult time for Estée Lauder as it has forecast a drop in sales and profits for this year,\r\nblaming a slow recovery from the COVID-19 pandemic in duty-free and travel destinations.\r\nEstée Lauder’s products are sold in approximately 150 countries. It is one of the world’s largest manufacturers of\r\nskincare, makeup, fragrance, and hair care cosmetics.\r\nThe company did not respond to a request for comment.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nSource: https://therecord.media/blackcat-clop-claim-cyberattack-on-estee-lauder\r\nhttps://therecord.media/blackcat-clop-claim-cyberattack-on-estee-lauder\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/blackcat-clop-claim-cyberattack-on-estee-lauder" ], "report_names": [ "blackcat-clop-claim-cyberattack-on-estee-lauder" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434942, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7a558165fad8a05e56e60b3ead9125f14b5fa3cc.pdf", "text": "https://archive.orkl.eu/7a558165fad8a05e56e60b3ead9125f14b5fa3cc.txt", "img": "https://archive.orkl.eu/7a558165fad8a05e56e60b3ead9125f14b5fa3cc.jpg" } }