{ "id": "2a92bfa8-0cfa-47ae-b102-6dc02a082997", "created_at": "2026-04-09T02:24:22.708461Z", "updated_at": "2026-04-10T03:29:39.859944Z", "deleted_at": null, "sha1_hash": "f59aee00a916248d7022042ff6cb62b68e94dd29", "title": "AlphV claims an attack before even alerting the victim. How will that work out for them? (1) - DataBreaches.Net", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 42053, "plain_text": "AlphV claims an attack before even alerting the victim. How will\r\nthat work out for them? (1) - DataBreaches.Net\r\nPublished: 2023-12-03 · Archived: 2026-04-09 02:08:08 UTC\r\nSo AlphV (aka BlackCat) is trying something different again, it seems.\r\nThis time, it seems they are claiming a victim before they have even attempted to contact\r\nthe victim or extort them. They post no proof of claims. They state that they are taking this approach because the\r\nvictim’s cyberinsurance policy does not cover extortion, and their research into the victim (Tipalti) and one of the\r\nvictim’s clients (Roblox) suggests that their usual approach will not work. They intend to try to extort those firms\r\nand Twitch, all individually. Tipalti is an accounting software financial technology business that provides accounts\r\npayable, procurement and global payments automation software for businesses.\r\nAlphV’s listing states, in part:\r\nWe have remained present, undetected, in multiple Tipali systems since September 8th 2023. Over\r\n265GB+ of confidential business data belonging to the company, as well as its employees and clients\r\nhas been exfiltrated. We remain committed to this exfiltration operation, so we plan to reach out to both\r\nthese companies once the market opens on Monday as we believe we will have an even greater amount\r\nof data by then, in addition to the likely inability of the Tipali company to be able to contain our efforts\r\nby then,  given their incompetency and taking into account that an insider was , and is still actively\r\ninvolved. This article will be republished on Monday just before the market opens, to maximize the\r\nimpact to the $RBLX stock price.\r\nThis listing is not the very nasty approach that we’ve seen in some other listings on that leak site, although there is\r\na mention of “filthy criminals.” The claim that an insider is involved is noteworthy. Whether it is true or not is not\r\nsomething we are not likely to find out quickly, and it may just be a false claim made to make the firm doubt\r\nthemselves and their own internal resources.\r\nAlphV’s full listing also cites an academic reference on the potential benefit of paying ransom. It is not clear for\r\nwhose benefit they have included that citation, but it’s interesting that they spend any time finding or including\r\nsuch material.\r\nhttps://www.databreaches.net/alphv-claims-an-attack-before-even-alerting-the-victim-how-will-that-work-out-for-them/\r\nPage 1 of 2\n\nDataBreaches has sent an email inquiry to Tipalti, but no reply was immediately received. This post will be\r\nupdated when they respond or issue a statement. For now, DataBreaches reminds readers that AlphV’s claims are\r\nunconfirmed.\r\nUpdate 1: DataBreaches has not yet  received any reply from Tipalti, but a reader kindly sent us a link to an\r\nIsraeli news source that did obtain a statement from them:\r\nמטיפלתי נמסר: ”אנחנו מכירים את הטענה הזו וחוקרים אותה. אנחנו לוקחים בכל החומרה והחשיבות את בטחון\r\n.“מידע לקוחותינו. נכון לרגע זה לא זיהינו כל אובדן מידע או פריצה למערכות שלנו\r\nIn Yandex translation:\r\nA spokesman said: “We are aware of this allegation and are investigating it. We take the security of our\r\ncustomers’  information with the utmost seriousness and importance. At this time, we have not detected\r\nany data loss or breach of our systems.”\r\nSource: https://www.databreaches.net/alphv-claims-an-attack-before-even-alerting-the-victim-how-will-that-work-out-for-them/\r\nhttps://www.databreaches.net/alphv-claims-an-attack-before-even-alerting-the-victim-how-will-that-work-out-for-them/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.databreaches.net/alphv-claims-an-attack-before-even-alerting-the-victim-how-will-that-work-out-for-them/" ], "report_names": [ "alphv-claims-an-attack-before-even-alerting-the-victim-how-will-that-work-out-for-them" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775701462, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f59aee00a916248d7022042ff6cb62b68e94dd29.pdf", "text": "https://archive.orkl.eu/f59aee00a916248d7022042ff6cb62b68e94dd29.txt", "img": "https://archive.orkl.eu/f59aee00a916248d7022042ff6cb62b68e94dd29.jpg" } }