{
	"id": "e1a26abf-2a3f-43c4-ba71-bc4e90eb73f9",
	"created_at": "2026-04-06T00:22:29.777549Z",
	"updated_at": "2026-04-10T13:11:56.854261Z",
	"deleted_at": null,
	"sha1_hash": "d97bcfc230de1d639678366da5833b06fed7fd68",
	"title": "Global IT services provider Inetum hit by ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3331598,
	"plain_text": "Global IT services provider Inetum hit by ransomware attack\r\nBy Ionut Ilascu\r\nPublished: 2021-12-24 · Archived: 2026-04-05 16:08:27 UTC\r\nLess than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack\r\nthat had a limited impact on the business and its customers.\r\nInetum is active in more than 26 countries, providing digital services to companies in various sectors: aerospace and\r\ndefense, banking, automotive, energy and utilities, healthcare, insurance, retail, public sector, transportation, telecom and\r\nmedia.\r\nLimited impact\r\nAs a services provider for a large number of companies and with a revenue of almost $2 billion, the group is an attractive\r\ntarget for ransomware gangs.\r\nhttps://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOn Sunday, December 19, Inetum became the target of a ransomware attack that affected some of its operations in France\r\nand did not spread to larger infrastructures used by the customers.\r\n“None of the main infrastructures, communication, collaboration tools or delivery operations for Inetum clients has been\r\naffected,” the company assures in a press release on Thursday.\r\nThe Group’s crisis unit acted quickly to protect sensitive connections that could put clients at risk if compromised. To this\r\nend, the operational teams isolated all servers on the affected network and terminated client VPN connections.\r\nAn initial investigation determined the ransomware strain used in the attack and that the recent critical Log4j vulnerability\r\nwas not exploited during the incident.\r\nInetum Group did not disclose the name of the malware used but according to Valéry Marchive, editor-in-chief at French\r\npublication LeMagIt, the attackers used BlackCat ransomware, also known as ALPHV and Noberus.\r\nThe file-encrypting malware is written in Rust, which is atypical for ransomware operations and has been used in attacks\r\nsince at least November 18, as discovered by researchers at Symantec, a Broadcom company.\r\nBlackCat has plenty of advanced features and comes with a very flexible configuration that allows it to spread to other\r\ncomputers, terminate virtual machines and ESXi hypervisors, as well as wipe them.\r\nInetum Group has notified authorities about the attack and is collaborating with specialized cybercrime units. A third party\r\nhas also been called in for incident response services.\r\nAt the moment, delivery operations to customers are safe, and messaging and collaboration systems remain unaffected, the\r\ncompany notes.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nhttps://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/\r\nPage 3 of 4\n\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/"
	],
	"report_names": [
		"global-it-services-provider-inetum-hit-by-ransomware-attack"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434949,
	"ts_updated_at": 1775826716,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d97bcfc230de1d639678366da5833b06fed7fd68.pdf",
		"text": "https://archive.orkl.eu/d97bcfc230de1d639678366da5833b06fed7fd68.txt",
		"img": "https://archive.orkl.eu/d97bcfc230de1d639678366da5833b06fed7fd68.jpg"
	}
}