A cybercrime gang behind the AlphV ransomware said it successfully attacked Creos Luxembourg, an operator of electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg.

Last week, Creos confirmed it suffered a cyberattack, which took place during the night of July 22-23, 2022. The company did not disclose the nature of the cyber incident, but said that the supply of electricity and gas was not affected.

On their dark web data leak site the AlphV (better known as BlackCat) operators claimed to have breached Creos Luxembourg and stolen more than 150 GB of corporate data, including sensitive information such as contracts, agreements, copies of IDs, invoices, emails and more. The ransomware operators also promised to release more files in the near future.

The AlphV/BlackCat ransomware is believed to be a rebrand of the BlackMatter ransomware which was a rebrand of the DarkSide ransomware that hit the energy pipeline operator Colonial Pipeline, one of the US' largest pipelines, in May 2021. Due to the attack Colonial Pipeline temporarily shut down its 5,500 miles of pipeline to contain the threat.

In May 2022, the US Pipeline and Hazardous Materials Safety Administration (PHMSA) proposed a nearly $1 million fine for management failures at Colonial Pipeline that contributed to widespread fuel shortages along the US East Cost following a 2021 ransomware attack.