Altice hacked by Hive team: what’s in the leak

Tens of thousands of documents reveal the workings of Patrick Drahi’s company

The data released by the hacker group Hive lets us see the workings of Altice, a vast empire with an opaque architecture. It includes information on companies based in countries with more accommodating tax regimes: Switzerland, Luxembourg or Guernsey. Indeed, these revelations shed light on the shocking lifestyle of a family as smart as a billionaire. Far from the heralded end of abundance…

Hive Group Document Distribution Site – Screenshot

Tens of thousands of ultra-confidential documents were revealed at the end of July following a ransomware attack by a well-known hacker group, Hive. Offshore companies in fiscally accommodating countries, financial arrangements designed to always pay low taxes, the management of the private jet and the yacht: the documents allow us to understand how the Drahi empire has been managed over many years.

Who is the Hive group behind the attack? According to a December 2021 blog post by the cybersecurity firm Group-IB, relayed by LeMagIT, these hackers had claimed hundreds of victims by that time. It is impossible to know the exact number. Hive specializes in attacks against large global corporations in the financial sector or hospitals, which is why it prompted an FBI alert.

The modus operandi of this group of hackers is typical in this field: once the data is encrypted, the hackers give their victim a link to the Hive website with login credentials. A so-called “commercial” service even manages the transactions. If the victim pays the ransom, they receive a way to decrypt the data. If it works, that is: some companies have trouble decrypting their data after payment. If the money is not paid, the data is made public. This is probably what happened to Altice. Since hackers have a very relatable behavior, it is common for data to be published even if the ransom is paid.

Reflets was able to consult these documents. They are of general interest because they show the building of an industrial and financial empire that likely affects the daily lives of millions of people. Altice is present in the United States, in Europe, in the Maghreb, and of course in France with SFR and a number of news media outlets.

Patrick Drahi, the 11th-largest fortune in France according to the 2022 ranking by Challenges magazine, has a vast media empire (BFM TV, RMC and, until now, Libération). But above all he is the founding president of Altice, the parent company of the telephony giant SFR. He is also the majority shareholder of Sotheby’s, one of the oldest and most famous auction houses. He spent 3.7 billion dollars to acquire 61% of the shares of this luxury brand.

Tens of thousands of documents relate to several subsidiaries of the group: Altice Africa, Altice Caribbean, Altice Corporate Financing, Altice Customers services, Altice Entertainment News & Sport, Altice Financing, Altice Finco, Altice France Holding, Altice Group Lux, Altice Holdings, Altice International, Altice Luxembourg SA, Altice Teads, Altice Technical Service France, Altice UK, Altice West Europe, AMI, Coditel Holding, Geodesia SA, OTR 2, Pollux, Thiais Aviation…

Hive also published information related to the companies managed by Patrick Drahi and his wider family (his wife, his two daughters and his two sons). They are administered by a Family Office: Yafit. This information about his personal investments is also of public interest at a time when the President of the Republic has announced the end of abundance. While all the French press, including Patrick Drahi’s own, is making noise about private jet flights and the possible need to regulate them to preserve the climate, it is interesting to note, for example, that Patrick Drahi, like probably all billionaires, regularly jumped from one jet to another, including for short flights to destinations served by regular airlines that offer a perfectly good business class service.

Reflets tried unsuccessfully to speak with Patrick Drahi or anyone else he could turn to. The news site Clubic obtained an official statement. It seems far from reality.

“The impacts have been contained, and all services have been restored,” we were told. “As such, the financial holding company is fully operational.” The attack, which was launched on August 9, will thus be over, Clubic wrote. “We must emphasize that no sensitive data has been compromised, including customer data, business partner data or data related to our financial partners,” Altice said.

This is not the analysis of Reflets, which will publish over the coming weeks a series of articles based on these documents, which are now publicly accessible on the Internet.

You can read the first part of our investigation here.


This article is the first in a long investigation that we will continue over many months. Reflets closely monitors the activity of ransomware groups. When the documents about Altice were published, we wanted to take the time to consult them in detail to measure the extent of the hack and to establish which of them are in the public interest. Not all are. For example, the secret codes of employees or of the Drahi family are not. On the other hand, those we reveal are.

We contacted Patrick Drahi at his personal email address, as well as the person in charge of managing the Family Office. We asked them to contact us to discuss the Altice data leak.

We never got a reply.

If Altice contacts us, we will post their views after this article.
