{ "id": "e891fabe-7721-4537-a5ac-548d47c19562", "created_at": "2026-04-15T02:22:41.915738Z", "updated_at": "2026-04-18T02:21:35.160657Z", "deleted_at": null, "sha1_hash": "9a076bb3cb02af36c7702d3b15c6bc7977c8ba19", "title": "BlackCat said they breached US Department of Defense contractor and went offline", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 53110, "plain_text": "BlackCat said they breached US Department of Defense contractor\r\nand went offline\r\nPublished: 2022-09-30 · Archived: 2026-04-15 02:14:12 UTC\r\nThe ransomware gang first said they would leak NJVCs data every 12 hours but later dropped the victim from\r\nits list.\r\nRansomware gang BlackCat, also known as ALPHV, added NJVC, an IT company supporting the federal\r\ngovernment and the US Department of Defense, to its victim list.\r\nNJVC provides support for the US government’s intelligence and defense organizations. The company boasts a\r\nyearly revenue of $290 million.\r\n“[…] the confidential data in our possession will be released in stages every 12 hours. There is a lot of material,”\r\nsaid the NJVC description on BlackCat’s leak site.\r\nThe message appeared on 28 September and was spotted by deep web intelligence firm DarkFeed. Meanwhile,\r\nsecurity research group VX-Underground said that BlackCat released a proof of breach and immediately went\r\noffline.\r\nCybernews reached out to NJVC for comment, but we did not receive a reply at the time of publishing this article.\r\nInterestingly enough, BlackCat’s leak site on the dark web was accessible on 30 September, but NJVC was no\r\nlonger posted among the gang’s victims. The latest current victim on the leak site was posted on 27 September, a\r\nday before the DoD contractor was initially posted.\r\nExperienced ‘newcomers’\r\nALPHV/BlackCat ransomware was first observed in late 2021. Like so many others in the criminal underworld,\r\nthe group operates a ransomware-as-a-service (RaaS) business, selling criminals malware subscriptions.\r\nALPHV/BlackCat was noted for the use of the Rust programming language. According to an analysis by the\r\nMicrosoft 365 Defender Threat Intelligence Team, threat actors that started deploying ALPHV/BlackCat were\r\nknown to work with other prominent ransomware families such as Conti, LockBit, and REvil.\r\nThe FBI believes money launderers for ALPHV/BlackCat cartel are linked to Darkside and Blackmatter\r\nransomware cartels, indicating the group has a well-established network of operatives in the ransomware business.\r\nLately, ALPHV/BlackCat has been among the most active ransomware gangs. According to the cybersecurity\r\nanalyst ANOZR WAY, the group was responsible for approximately 12% of all attacks in 2022.\r\nCybersecurity firm Digital Shadows noted that the group’s activity increased by 117% last quarter. Only LockBit\r\nand Conti surpassed the group in the total number of victims breached over the second quarter of 2022.\r\nhttps://cybernews.com/news/blackcat-breached-department-of-defense-contractor-went-offline/\r\nPage 1 of 2\n\nMost recently, ALPHV/BlackCat ransomware was used to attack the University of Pisa. Threat actors demanded\r\nthat the university administration pay $4.5 million for the release of encrypted data.\r\nSource: https://cybernews.com/news/blackcat-breached-department-of-defense-contractor-went-offline/\r\nhttps://cybernews.com/news/blackcat-breached-department-of-defense-contractor-went-offline/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://cybernews.com/news/blackcat-breached-department-of-defense-contractor-went-offline/" ], "report_names": [ "blackcat-breached-department-of-defense-contractor-went-offline" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-18T02:00:04.852006Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1776219761, "ts_updated_at": 1776478895, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/9a076bb3cb02af36c7702d3b15c6bc7977c8ba19.pdf", "text": "https://archive.orkl.eu/9a076bb3cb02af36c7702d3b15c6bc7977c8ba19.txt", "img": "https://archive.orkl.eu/9a076bb3cb02af36c7702d3b15c6bc7977c8ba19.jpg" } }