Cyber Incident Victim: Finistère Habitat
Date:
Jul 2020
Location:
Saudi Arabia
Summary
A global electrical construction products manufacturer and supplier was targeted by Netwalker ransomware operators who leaked samples of sensitive company data including detailed contracts, audit reports, and insurance documents. The attackers threatened to release the full dataset publicly unless an agreement was reached, highlighting the exposure of confidential business information. The victim organization maintains an international presence across multiple regions, with the incident demonstrating ransomware actors' tactics of coercing payments through data leakage threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 10, 2020, cybersecurity firm Cyble identified a data leak involving Alfanar, a multinational manufacturer of electrical construction products and provider of engineering solutions, published by Netwalker ransomware operators. Founded in 1976, Alfanar maintained operations across the Middle East, Asia, Africa, and Europe, with business activities spanning electrical manufacturing, conventional and renewable energy plant engineering, procurement, and construction services. Netwalker operators disclosed the breach on their dedicated leak blog, accompanied by a sample of exfiltrated corporate data. The leaked sample contained sensitive documents including detailed contracts, internal audit reports, and insurance records, indicating compromise of Alfanar’s business-critical information systems. The ransomware group issued an ultimatum, threatening full public release of the stolen data within seven days unless Alfanar negotiated payment terms. Cyble researchers confirmed the authenticity of the leaked sample through dark web monitoring but did not specify Alfanar’s operational disruptions or ransom negotiation status.
The incident exposed Alfanar’s confidential commercial agreements, financial audits, and risk management documentation to potential public dissemination. Netwalker’s leak site presentation included screenshots validating the compromised data’s scope and corporate relevance, though the initial sample did not reveal employee or customer personal information. The seven-day deadline imposed by the threat actors created time pressure for containment and response decisions. Cyble’s discovery occurred through routine monitoring of ransomware operators’ dark web channels, though the initial intrusion vector and Alfanar’s internal detection timeline remained unspecified. No operational outages or financial impacts were quantified in the available reporting. The cybersecurity firm documented the breach’s progression but did not describe Alfanar’s technical remediation efforts or law enforcement engagement.