{
	"id": "80cd748d-9789-4ca9-a0f0-b9515e7a2698",
	"created_at": "2026-04-06T02:11:10.788772Z",
	"updated_at": "2026-04-10T03:29:40.015917Z",
	"deleted_at": null,
	"sha1_hash": "985a15506a14dacf708fca376258a3a0f20c94d2",
	"title": "ALPHV gang claims ransomware attack on Constellation Software",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2411732,
	"plain_text": "ALPHV gang claims ransomware attack on Constellation Software\r\nBy Sergiu Gatlan\r\nPublished: 2023-05-05 · Archived: 2026-04-06 02:06:50 UTC\r\nCanadian diversified software company Constellation Software confirmed on Thursday that some of its systems were\r\nbreached by threat actors who also stole personal information and business data.\r\n\"The Incident was limited to a small number of systems related to internal financial reporting and related data storage by the\r\noperating groups and businesses of Constellation,\" the company said.\r\n\"The independent IT systems of Constellation's operating groups and businesses were not impacted by this Incident in any\r\nway.\"\r\nConstellation added that it had contained the attack and has now restored all of the IT infrastructure systems impacted in the\r\nincident.\r\nBusiness partners and individuals whose information was stolen during the breach are also being contacted with more details\r\nregarding the attack.\r\n\"A limited amount of personal information of individuals was impacted by the Incident. 
A limited amount of data of the\r\nbusiness partners of Constellation businesses was also impacted,\" the company added.\r\nConstellation Software acquires, manages, and builds software businesses through six operating groups: Volaris, Harris,\r\nJonas, Vela Software, Perseus Group, and Topicus.\r\nThe Canadian company has over 25,000 employees across North America, Europe, Australia, South America, and Africa,\r\ngenerating consolidated revenues exceeding $4 billion.\r\nConstellation also provides services to 125,000 customers in over 100 countries and has acquired more than 500 software\r\ncompanies since 1995.\r\nAttack claimed by the ALPHV ransomware gang\r\nWhile Constellation is yet to provide information on who was behind the attack or how the threat actors gained access to its\r\nnetwork, the ALPHV ransomware gang (aka BlackCat) added a new entry to its data leak site, saying that they breached the\r\ncompany's network and stole more than 1 TB worth of files.\r\nThe ransomware gang also threatens to leak the stolen data if the company ignores the ransom demand and refuses to\r\nnegotiate.\r\n\"We have been on your network for a long time and have had time to analyze your business. We have stolen more than 1 TB\r\nof your confidential data. 
If you ignore or refuse the deal, we will be forced to release all of your data to the public,\" the\r\ngang said.\r\nAs proof that they had access and exfiltrated files from Constellation's network, ALPHV has already leaked some documents\r\ncontaining business information online.\r\nConstellation Software entry on ALPHV's data leak blog (BleepingComputer)\r\nThis ransomware operation was launched in November 2021 and is believed to be a rebrand of the DarkSide/BlackMatter\r\ngang.\r\nIt first gained notoriety as DarkSide after attacking the Colonial Pipeline and immediately landing in the crosshairs of\r\ninternational law enforcement.\r\nEven though they rebranded as BlackMatter one month later, in July 2021, they were forced to shut down again in\r\nNovember after the operation's servers were seized and Emsisoft created a decryptor by exploiting a weakness in the\r\nransomware.\r\nCurrently, the ALPHV gang is considered one of the significant ransomware threats targeting enterprises worldwide.\r\nLast April, the Federal Bureau of Investigation (FBI) warned that ALPHV has \"extensive networks and experience with\r\nransomware operations\" since they successfully breached over 60 entities worldwide from November 2021 to March 2022.\r\nSource: https://www.bleepingcomputer.com/news/security/alphv-gang-claims-ransomware-attack-on-constellation-software/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/alphv-gang-claims-ransomware-attack-on-constellation-software/"
	],
	"report_names": [
		"alphv-gang-claims-ransomware-attack-on-constellation-software"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775441470,
	"ts_updated_at": 1775791780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/985a15506a14dacf708fca376258a3a0f20c94d2.pdf",
		"text": "https://archive.orkl.eu/985a15506a14dacf708fca376258a3a0f20c94d2.txt",
		"img": "https://archive.orkl.eu/985a15506a14dacf708fca376258a3a0f20c94d2.jpg"
	}
}