Vhive
| Primary URL | Location | Industry |
|---|---|---|
| vhive[.]com[.]sg | Country: Singapore | Retail |
Profile
Vhive, operating as Vhive Retail Furniture Chain, is a Singapore-based retail entity specializing in furniture sales. The company serves customers through its physical and presumably online retail channels, positioning itself within the competitive home furnishings market of Singapore. Its operational scope is centered on the direct sale of furniture products to consumers, though specific product categories or additional service lines are not detailed in available records. The organization's public profile is notably defined by a significant cybersecurity incident rather than by disclosed details of its commercial scale, market share, or unique business competencies beyond its core retail function. No explicit information regarding its ownership structure, parent company, or subsidiary status is provided in the source material.
The organization's most documented public event occurred on March 21, 2021, when it suffered a breach attributed to the ALTDOS threat group. This incident involved unauthorized network access and a double extortion strategy, in which data was stolen and systems were encrypted. The breach resulted in the exposure of over 300,000 customer records, including transactional and payment documentation, though sources indicate that national identification numbers and direct financial data were reportedly unaffected. Following the initial intrusion, Vhive restored operations using existing data backups. However, the company allegedly failed to remediate critical security vulnerabilities that facilitated subsequent attacks. These follow-on incidents included the exfiltration of proprietary source code and the encryption of server files. The threat actors provided evidence of their compromise through video recordings showing directory access and redacted database extracts. The encryption method observed suggested the potential use of AES-256, differing from conventional ransomware payloads. This sequence of events highlights a prolonged security failure in which initial recovery did not translate into robust vulnerability management, leading to repeated compromise and significant data loss.
