Hikvision Targeted by New ALP-001 Ransomware Group Claiming 20TB Data Theft

Hikvision, a video surveillance manufacturer headquartered in China, was listed as a victim by the newly emerged ALP-001 ransomware group on March 21, 2026. The threat actors claims to have stolen 19.9 terabytes of data from the company's internal systems. 

Analysts have linked ALP-001 to an established Initial Access Broker (IAB) previously active on underground forums under the aliases "Alpha Group" and "DGJT Group." This attack indicates an escalation for the group, moving from simply selling network entry to managing their own data theft and ransom operations.

The number of affected individuals is not disclosed. Hikvision has not publicly acknowledged the breach or provided any details. The authenticity of the 19.9 TB claim is not verified as the sample data links provided by the attackers were non-functional at the time of discovery. 

The group threatened to release the stolen information in 200-gigabyte portions starting within five days. 

If legitimate, this breach could expose sensitive configurations or intellectual property relevant to global surveillance infrastructure. Security professionals should ensure Hikvision devices are isolated from the public internet and monitor for unauthorized access.