Cyber Incident Victim: Inetum Group

Date: Dec 2021

Location: France

Summary

A global IT services provider experienced a ransomware attack impacting certain operations in France, with containment measures preventing broader infrastructure or client service disruptions. The incident triggered immediate isolation of affected servers and termination of client VPN connections to mitigate risks, while investigations confirmed no exploitation of the Log4j vulnerability. Attackers deployed BlackCat ransomware, a Rust-based malware capable of spreading laterally, terminating virtual machines, and wiping hypervisors. The company engaged law enforcement and third-party incident responders, maintaining unaffected customer delivery operations and collaboration systems throughout the event.

Description

On December 19, 2021, French IT services provider Inetum Group experienced a ransomware attack impacting certain operational systems within its French infrastructure. The incident occurred less than a week before the Christmas holiday period. As a global digital services company operating across 26 countries with nearly $2 billion in annual revenue, Inetum represented a high-value target for ransomware operators. The attackers compromised portions of the company's internal network but failed to penetrate critical client-facing infrastructure or broader organizational systems. Immediate containment actions by Inetum's crisis unit prevented lateral movement to primary customer environments, communication platforms, and collaboration tools. Operational teams severed all client VPN connections and isolated affected servers to create network segmentation barriers. Initial forensic analysis confirmed the attackers did not exploit the widespread Log4j vulnerability that had recently emerged as a critical security concern across the industry. While Inetum's public statements did not identify the specific ransomware variant, external reporting attributed the attack to BlackCat malware based on technical indicators.

BlackCat ransomware—also tracked as ALPHV and Noberus—represented an emerging threat at the time, with Symantec researchers documenting its activity since at least November 2021. The Rust-coded malware possessed advanced capabilities including network propagation mechanisms, termination of virtual machines and ESXi hypervisors, and data-wiping functionality. Despite these destructive features, the attack's operational impact remained confined to localized French systems without disrupting customer delivery operations or corporate messaging platforms. Inetum engaged specialized cybercrime units through official law enforcement notifications and contracted third-party incident response specialists to support remediation efforts. The company maintained public assurances regarding the integrity of client services throughout the event, emphasizing that core infrastructure protections prevented broader organizational compromise. No data theft or secondary impacts beyond initial encryption activities were disclosed in available reports.
