
Cyber Incident Victim: BT Group

Date: Dec 2024

Location: United Kingdom

Summary

A telecommunications company confirmed an attempted cyberattack targeting its conferencing platform after the Black Basta ransomware group claimed responsibility, alleging access to corporate data. The incident was isolated to specific non-live platform elements, which were rapidly taken offline without disrupting active conferencing services or other operations. The attackers purportedly obtained employee personal information and sensitive documents including non-disclosure agreements. The organization is investigating the incident with relevant regulatory and law enforcement authorities, emphasizing no broader infrastructure or customer services were compromised. Black Basta, known for targeting critical infrastructure sectors since 2022, publicly shared samples of the allegedly stolen data as proof of compromise.


Description

On December 1, 2024, British telecommunications company BT Group confirmed an attempted cyberattack targeting elements of its conferencing platform following claims by the Black Basta ransomware group. The group publicly asserted responsibility for the compromise on its darknet leak site, alleging possession of BT’s corporate data, including employee personal information, non-disclosure agreements, and other sensitive documents. BT, which operates critical UK telephone infrastructure and employs approximately 100,000 people globally, clarified that the incident was isolated to specific, non-operational components of the conferencing platform. These affected servers were swiftly taken offline and contained, with no disruption to live conferencing services, broader BT Group operations, or customer systems. The company emphasized that its telephone exchanges and other critical infrastructure remained unaffected.


BT initiated an active investigation into the incident, collaborating with relevant regulatory and law enforcement agencies. While Black Basta provided purported evidence of the breach by leaking samples of employee data, BT did not publicly confirm the validity or extent of the data exfiltration claims. The ransomware group, known since 2022 for targeting healthcare organizations and critical infrastructure sectors, had previously drawn warnings from U.S. authorities. BT’s response focused on containment and assessment, reiterating that the attack’s scope was limited to the isolated conferencing platform elements. No further operational or financial impacts were disclosed at the time of the statement.
