Altice hacked by the Hive group: what the leak contains |

Altice hacked by the Hive group: what the leak contains |

Tens of thousands of documents reveal the workings of Patrick Drahi’s company

Data revealed by the Hive hacker group gives us a glimpse into the workings of Altice, a sprawling empire with opaque architecture. They include information on companies located in countries that are particularly flexible in tax matters, in Switzerland, Luxembourg or Guernsey. By the way, these revelations shed light on the amazing lifestyle of a family as discreet as a billionaire. Far from the end of the announced abundance…

Hive Group Document Dissemination Site – Screenshot

Tens of thousands of ultra-sensitive documents were revealed in late July after a ransomware attack by a notorious hacker group, Hive. Offshore companies in fiscally accommodating countries, financial arrangements to try to always pay less taxes, management of the private jet, the yacht, the documents allow us to understand the management of the Drahi empire for several years.

Who is the Hive group behind the attack? According to a December 2021 blog post from cybersecurity firm Group-IB, picked up by LeMagIT, these pirates would have already claimed hundreds of victims at that time. Impossible to know the exact number. Hive specialized in attacks against large global corporations in the financial sector or in hospitals, so much so that it provoked an alert note from the FBI.

The modus operandi of this group of hackers is common in this field: once the data is encrypted, the hackers give their victim a link to the Hive website with login credentials. A service called “commercial” even handles transactions. If the victim pays the ransom, she receives a way to decrypt the data. When it works… Because some companies have had problems decrypting your data after paying. When the money is not paid, the data is made public. This is probably what happened with Altice. Since hackers have very relative ethics, it is not uncommon for data to be released even if the ransom is paid. was able to consult these documents. They are of general interest to the extent that they show the construction of an industrial and financial empire capable of impacting the daily lives of millions of people. Altice is present in the United States, in Europe, in the Maghreb and of course in France with SFR and numerous media outlets. Patrick Drahi, France’s 11th fortune according to Challenge magazine’s 2022 ranking, has a very extensive media empire (BFM TV, RMC and until recently, Liberation). But above all he is founding chairman of Altice, the parent company of phone giant SFR. He is also a majority shareholder in Sotheby’s, one of the oldest and most prestigious auction houses. He spent 3.7 billion dollars to acquire 61% of the shares of this luxury brand.

Tens of thousands of documents relate to the group’s many subsidiaries: Altice Africa, Altice Caribbean, Altice Corporate Financing, Altice Customers services, Altice Entertainment News & Sport, Altice Financing, Altice Finco, Altice France Holding, Altice Group Lux, Altice Holdings , Altice International, Altice Luxembourg SA, Altice Teads, Altice Technical Service France, Altice UK, Altice West Europe, AMI, Coditel Holding, Geodesia SA, OTR 2, Pollux, Thiais Aviation…

Hive also publishes information related to the companies managed by Patrick Drahi and, more broadly, his family (his wife, his two daughters, and his two sons). They are managed by a Family Office: Yafit. This information regarding his personal investments is also of public interest at a time when the President of the Republic announces the end of abundance. While all the French press, including that of Patrick Drahi, talks about flights in private planes and the possible need to regulate them to preserve the climate, it is interesting to note, for example, that Patrick Drahi, like probably all other billionaires, jumps from one jet to another constantly, even for short trips in destinations operated by regular airlines that offer perfectly adequate business class services.

Reflets tried unsuccessfully to talk to Patrick Drahi or anyone he might have delegated. The Clubic newspaper managed to obtain an official statement. He seems very far removed from reality.

Impacts have been controlled and all services have been restored “, they told us. ” As such, the financial holding company is fully operational.. “The attack, launched on August 9, would definitely end like this, Clubic writes. ” We must emphasize that no sensitive data has been compromised, including customer data, business partner data, or data relating to our financial partners. Altice says.

This is not exactly the analysis of reflections who will publish in the coming weeks a series of articles based on these documents now accessible to the public on the Internet.

You can read the first part of our investigation here.


This article is the first of a long investigation that we will continue for several months. closely monitors the activity of ransomware groups. In publishing the documents related to Altice, we wanted to take the time to review them in detail to gauge both the extent of the hack and to verify that they were in the public interest. Not all of them are. For example, the secret codes of the employees or the Drahi family are not. On the other hand, those that we evoke, are.

We communicate with Patrick Drahi on his personal email, as well as with the person who takes care of the administration of the Family Office. We asked that you contact us to discuss the data breach at Altice.

We never received an answer.

If Altice contacts us, we will post your feedback after this article.

#Altice #hacked #Hive #group #leak

Leave a Reply

Your email address will not be published. Required fields are marked *