Hikvision and French manufacturing firm: Exclusive: Ransomware newcomer claims breach of security camera firm Hikvision

Hikvision Hit by ALP-001 Ransomware Group in Massive Data Breach

A newly identified ransomware group, ALP-001, has claimed responsibility for a 19.9-terabyte data breach targeting Hikvision, the Chinese-headquartered security camera manufacturer. The group listed the company as a victim on its darknet leak site on March 21, threatening to release the stolen data in 200-gigabyte increments within five days. A sample data link provided by the hackers was reportedly broken, and no ransom demand has been disclosed.

Hikvision, a partly state-owned firm known for its surveillance equipment, has not responded to requests for comment. The company has faced prior scrutiny over cybersecurity vulnerabilities in its products, as well as sanctions and bans due to its alleged involvement in mass surveillance, including in China’s Uyghur internment camps. While Hikvision’s cameras remain commercially available, they were removed from government buildings in early 2023.

ALP-001 emerged on the same day as its first victim listing, but cybersecurity firm ReliaQuest traced its origins to an Initial Access Broker (IAB) active on underground forums earlier this year. The group’s Tox and Session IDs matched those used by a known threat actor previously operating under aliases like "Alpha Group" and "DGJT Group." ReliaQuest identified a direct link between a French manufacturing firm ($543M revenue) listed on ALP-001’s leak site and a January 2026 access sale by the same user, suggesting the group has transitioned from selling breached access to running a full-fledged extortion operation.

Despite its claims of being a "discreet collective of cybersecurity professionals," ALP-001’s actual data exfiltration capabilities remain unverified. The group positions itself as a pragmatic enterprise, offering victims a choice between a private financial settlement or public data disclosure. With Hikvision’s global presence, including offices in Australia, the breach raises concerns over the potential exposure of sensitive surveillance data.

Source: https://www.cyberdaily.au/security/13383-exclusive-ransomware-newcomer-claims-breach-of-security-camera-firm-hikvision

Novares Group cybersecurity rating report: https://www.rankiteo.com/company/novares-group

Hikvision cybersecurity rating report: https://www.rankiteo.com/company/hikvision

"id": "NOVHIK1774427439",
"linkid": "novares-group, hikvision",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Security Camera Manufacturing',
                        'location': 'China (Global presence including '
                                    'Australia)',
                        'name': 'Hikvision',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High (potential sensitive '
                                        'surveillance data)',
                 'type_of_data_compromised': 'Surveillance data'},
 'date_detected': '2026-03-21',
 'date_publicly_disclosed': '2026-03-21',
 'description': 'A newly identified ransomware group, ALP-001, has claimed '
                'responsibility for a 19.9-terabyte data breach targeting '
                'Hikvision, the Chinese-headquartered security camera '
                'manufacturer. The group listed the company as a victim on its '
                'darknet leak site on March 21, threatening to release the '
                'stolen data in 200-gigabyte increments within five days. '
                'Hikvision has not responded to requests for comment.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'prior scrutiny and sanctions',
            'data_compromised': '19.9 terabytes'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Linked to prior access '
                                                    'sales (e.g., French '
                                                    'manufacturing firm in '
                                                    'January 2026)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion',
 'post_incident_analysis': {'root_causes': 'Cybersecurity vulnerabilities in '
                                           'Hikvision products, potential '
                                           'initial access broker activity'},
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'ALP-001'},
 'references': [{'source': 'ReliaQuest'},
                {'source': 'ALP-001 darknet leak site'}],
 'threat_actor': 'ALP-001',
 'title': 'Hikvision Hit by ALP-001 Ransomware Group in Massive Data Breach',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Cybersecurity vulnerabilities in Hikvision '
                            'products'}