Cyber Incident Victim: Altus Group
Date: Jun 2021
Location: Canada
Summary
A commercial real estate software company suffered a cybersecurity breach impacting IT back-office systems and email communications, forcing systems offline. A newly emerged ransomware group named Hive subsequently leaked password-protected sample files allegedly exfiltrated from the victim, including business documents, development files, and proprietary Argus certificates, while implying the data remained encrypted for potential ransom negotiations. The organization initially stated that there was no evidence of impact, but at the time of reporting it had not verified the legitimacy of the leaked data or confirmed communication with the threat actors.
Description
On June 13, 2021, Altus Group, a commercial real estate software solutions provider, experienced a cybersecurity breach that disrupted its IT back-office operations and communications systems, including email services, which were taken offline. The company publicly disclosed the incident on June 14, initiating an investigation while assuring stakeholders of operational continuity for client-facing systems. Initial statements emphasized containment measures but did not confirm data compromise. A week after the breach announcement, Altus Group asserted there was "no evidence of impact," though this claim preceded external confirmation of data exposure. The disruption persisted during this period, with internal systems remaining partially offline to mitigate further risks. No specifics regarding the attack vector or initial detection methods were disclosed by the company.

Subsequent developments revealed that a previously unknown ransomware group, Hive, had published a darknet site named "HiveLeaks" listing Altus Group as its sole victim, indicating the attackers had exfiltrated and encrypted data. The group shared a password-protected sample archive containing business documents, Argus software certificates, and development files, with visible filenames suggesting the scope of compromised materials. Hive’s inclusion of "encrypted" data on their leak site implied a ransom demand, though Altus Group did not confirm any communication with the threat actors. The company acknowledged awareness of the leak but did not validate the authenticity of the posted data or link it definitively to the June 13 breach. Systems restoration progress and forensic findings beyond initial containment actions were not detailed in available updates. Operational impacts from the email and back-office outages remained unresolved at the time of reporting, with no publicized remediation timeline or additional attacker tactics disclosed.
