{ “groups”: 354, “victims”: 29394 }
[ { “activity”: “Manufacturing”, “attackdate”: “2026-07-03T14:20:12.391011+00:00”, “claim_url”: “http:\/\/2mgkz2ntx5vpgt4jj4gir77eqx7g6owapm2mkzpjswyl74fni7jgdmyd.onion\/detail\/e8e546c8-f6a7-4f9d-8b1a-e2a538880752”, “country”: “BR”, “data_size”: null, “description”: “Redeplast is a Brazilian footwear manufacturer with over 20 years of experience in the industry. The…”, “discovered”: “2026-07-03T14:20:33.846657+00:00”, “domain”: “redeplastrs.com.br”, “group”: “Blackfield”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-03T14:20:12”, “users”: 1, “users_url”: 1 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e4cac71ebaa83b5c8e30e6e4c11a029b.png”, “url”: “https:\/\/www.ransomware.live\/id\/cmVkZXBsYXN0cnMuY29tLmJyQEJsYWNrZmllbGQ=”, “victim”: “redeplastrs.com.br” }, { “activity”: “Not Found”, “attackdate”: “2026-07-03T12:21:26.890589+00:00”, “claim_url”: “http:\/\/basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion\/page_company.php?id=177”, “country”: “TR”, “data_size”: null, “description”: “Aydeniz Group is a family-owned group of companies founded in 1975, operating in several key indu…”, “discovered”: “2026-07-03T12:22:02.886675+00:00”, “domain”: “aydeniz.com”, “group”: “apt73”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-07-03T12:21:26”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c5e7fa5f91c98add18a9eceb3a9d21dd.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXlkZW5pei5jb21AYXB0NzM=”, “victim”: “aydeniz.com” }, { “activity”: “Consumer Services”, “attackdate”: “2026-07-03T09:54:18.698341+00:00”, “claim_url”: “http:\/\/krybitxdpxohsmjooeb3gbgpmdddreh6mnflzac6bnezz74b7yje67yd.onion\/blog\/cba113326007e55f5a42925d7f85f9edac137e1947522b425477006d0da47d78\/”, “country”: “MY”, “data_size”: null, “description”: “MAJUHOME Concept (Maju Home Furnishing Sdn. Bhd.) is a Malaysian leading one-stop mega furniture mall and lifestyle bran…”, “discovered”: “2026-07-03T09:54:38.036607+00:00”, “domain”: “majuhome.com.my”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-05-04T23:38:23”, “users”: 17, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fbaa0204bb1bf70c23a301d594064dd0.png”, “url”: “https:\/\/www.ransomware.live\/id\/bWFqdWhvbWUuY29tLm15QGtyeWJpdA==”, “victim”: “majuhome.com.my” }, { “activity”: “Not Found”, “attackdate”: “2026-07-03T09:35:55.577574+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/fd765fef9902cef123bf95c1e2a5a98d9f043c02de3d477ef73afac9c1e1a84d\/”, “country”: “MX”, “data_size”: null, “description”: “DUFLO SAS (Duflo Servicios Integrales S.A.S.) is a Colombian company specializing in integrated facility management and …”, “discovered”: “2026-07-03T09:36:16.243098+00:00”, “domain”: “duflosa.com”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 8, “update”: “2026-07-03T09:35:55”, “users”: 1, “users_url”: 2 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e5ed6e7dc00db0ea994d018a447dd503.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZHVmbG9zYS5jb21Aa3J5Yml0”, “victim”: “duflosa.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-03T00:50:44.262864+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/8MVbCGG1xTXXCrZgdByc2+uH18XQuzuiZVxUiEHdts9ZtUDTGSyY2xhM3Y48zpnft0RpZy6eE0+c1wfLLFyFBsdWZlbjZk”, “country”: “CH”, “data_size”: null, “description”: “Data breach at one of the largest family-owned manufacturing businesses in Switzerland.”, “discovered”: “2026-07-03T00:51:31.334328+00:00”, “domain”: “”, “group”: “anubis”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/110744645546f3d0c6ecd6e3bcab709e.png”, “url”: “https:\/\/www.ransomware.live\/id\/RmVycnVtIEFHQGFudWJpcw==”, “victim”: “Ferrum AG” }, { “activity”: “Public Sector”, “attackdate”: “2026-07-02T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a4704745ae71db30cb3362a”, “country”: “US”, “data_size”: null, “description”: “Oak Park, Michigan, is a vibrant, diverse inner-ring suburb of Metro Detroit located in Oakland County. Incorporated as a city in 1945, it spans 5.5 square miles and is home to roughly 30,000 residents. The city is currently experiencing a renaissance, transforming areas like the 11 Mile Road corridor into bustling hubs with breweries, restaurants, and new community spaces.”, “discovered”: “2026-07-03T00:55:46.305369+00:00”, “domain”: “oakparkmi.gov”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-03T00:55:06”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/28ff8c7df2ee49dafb4c43f5edd26a39.png”, “url”: “https:\/\/www.ransomware.live\/id\/b2FrcGFya21pLmdvdkBpbmNyYW5zb20=”, “victim”: “oakparkmi.gov” }, { “activity”: “Technology”, “attackdate”: “2026-07-02T16:21:37.062004+00:00”, “claim_url”: “http:\/\/basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion\/page_company.php?id=176”, “country”: “BR”, “data_size”: null, “description”: “lazio.com \u2014 this is a company from Italy.\nFlazio is a website builder platform that allows use…”, “discovered”: “2026-07-02T16:21:57.139761+00:00”, “domain”: “flazio.com”, “group”: “apt73”, “infostealer”: { “employees”: 767, “employees_url”: 15, “infostealer_stats”: { “Acreed”: 2, “Atomic”: 8, “Azorult”: 82, “CRYPTBOT”: 9, “DarkCrystal”: 1, “Ficker”: 2, “Generic Stealer”: 622, “Lumma”: 847, “Mystic”: 7, “Predator”: 2, “Raccoon”: 416, “RedLine”: 1558, “StealC”: 153, “Taurus”: 4, “UNKNOWN”: 38, “Vidar”: 126 }, “last_employee_compromised”: “2026-06-09T17:58:44+00:00”, “last_user_compromised”: “2026-06-24T00:00:00+00:00”, “thirdparties”: 3, “update”: “2026-07-02T16:21:36”, “users”: 4450, “users_url”: 100 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/895e1725ea5d06e126871a591e7ad86d.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZmxhemlvLmNvbUBhcHQ3Mw==”, “victim”: “flazio.com” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-07-02T16:20:49.602962+00:00”, “claim_url”: “http:\/\/basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion\/page_company.php?id=175”, “country”: “MO”, “data_size”: null, “description”: “Holiday Palace Hotel in Spain. Guest information, internal documents, reports, photos, videos, an…”, “discovered”: “2026-07-02T16:21:09.682878+00:00”, “domain”: “holidaypalace.com”, “group”: “apt73”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-02T16:20:49”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/af23f3bac6e8c9ff8d5156d1d7e260fd.png”, “url”: “https:\/\/www.ransomware.live\/id\/aG9saWRheXBhbGFjZS5jb21AYXB0NzM=”, “victim”: “holidaypalace.com” }, { “activity”: “Not Found”, “attackdate”: “2026-07-02T15:51:35.515599+00:00”, “claim_url”: “http:\/\/basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion\/page_company.php?id=174”, “country”: “AT”, “data_size”: null, “description”: “ritavo.com is the website of Rita V\u00f5 Group, a private multidisciplinary holding company from Vie…”, “discovered”: “2026-07-02T15:52:08.127189+00:00”, “domain”: “ritavo.com”, “group”: “apt73”, “infostealer”: { “employees”: 43, “employees_url”: 11, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 17, “update”: “2026-07-02T15:51:35”, “users”: 3, “users_url”: 10 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/be43664cd61fa5fd9057b754a6d80a98.png”, “url”: “https:\/\/www.ransomware.live\/id\/cml0YXZvLmNvbUBhcHQ3Mw==”, “victim”: “ritavo.com” }, { “activity”: “Business Services”, “attackdate”: “2026-07-02T13:25:49+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/0890882219”, “country”: “PK”, “data_size”: null, “description”: “[AI generated] Treet Group of Companies is a Pakistani conglomerate headquartered in Lahore, Pakistan. It operates across multiple industries including razor blades and personal care products, textile manufacturing, and power generation. The group is best known for producing Treet razor blades, one of the most recognized brands in Pakistan. It is publicly listed and has been a significant industrial player in Pakistan for several decades.”, “discovered”: “2026-07-02T14:00:46.490630+00:00”, “domain”: “treetcorp.com”, “group”: “worldleaks”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 10, “update”: “2026-07-02T14:00:22”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9364f1e417d3f3c050838124973deab7.png”, “url”: “https:\/\/www.ransomware.live\/id\/VHJlZXQgR3JvdXAgb2YgQ29tcGFuaWVzQHdvcmxkbGVha3M=”, “victim”: “Treet Group of Companies” }, { “activity”: “Business Services”, “attackdate”: “2026-07-02T13:25:39+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/8620103939”, “country”: “BR”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-07-02T14:01:26.350687+00:00”, “domain”: “www.service.com.br”, “group”: “worldleaks”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/add2529fe5e562cf472be63f3ad52d7f.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2VydmljZSBJVEB3b3JsZGxlYWtz”, “victim”: “Service IT” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-02T13:20:39.942067+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/ZxMuptij8OrXtBb4TyaPrfDFsvfmfD4otvTwmnvCXIBU5W+YfSjke0DNnrdrCPDPvRWvmCkwFFbjgtFGU3mvjEl1dFI5V3NB”, “country”: “”, “data_size”: null, “description”: “Employee data, internal files, and a few unexpected discoveries.”, “discovered”: “2026-07-02T13:21:32.374956+00:00”, “domain”: “”, “group”: “anubis”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/50d09192e033a23bbac427d70f5d761c.png”, “url”: “https:\/\/www.ransomware.live\/id\/UXVlc3QgSGVhbHRoY2FyZSBTb2x1dGlvbnNAYW51Ymlz”, “victim”: “Quest Healthcare Solutions” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-02T09:55:25.820499+00:00”, “claim_url”: “http:\/\/blogvl7tjyjvsfthobttze52w36wwiz34hrfcmorgvdzb6hikucb7aqd.onion\/news.php?id=1”, “country”: “”, “data_size”: null, “description”: “[AI generated] X-Copper Professional is a Canadian legal and paralegal services firm specializing in traffic ticket defense and driving-related legal matters. Based in Ontario, Canada, the company represents clients facing speeding tickets, careless driving charges, and other Highway Traffic Act violations. It employs licensed paralegals and lawyers to help clients reduce or dismiss charges, minimizing fines, demerit points, and insurance premium impacts.”, “discovered”: “2026-07-02T09:55:44.685259+00:00”, “domain”: “”, “group”: “moneymessage”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4a3bee41e75c432dacd07bb978c8f3cb.png”, “url”: “https:\/\/www.ransomware.live\/id\/WC1Db3BwZXIgUHJvZmVzc2lvbmFsQG1vbmV5bWVzc2FnZQ==”, “victim”: “X-Copper Professional” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-07-02T09:25:46.663966+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=58f96ce6-c718-4160-9b1e-9a4653f88936”, “country”: “AU”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-02T09:26:15.587822+00:00”, “domain”: “www.pennanthillsgolfclub.com.au”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/37aa7cc3e341f09ed42106df33691744.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGVubmFudCBIaWxscyBHb2xmIENsdWJAcWlsaW4=”, “victim”: “Pennant Hills Golf Club” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-07-02T07:25:46.065348+00:00”, “claim_url”: “http:\/\/payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion\/posts\/f2c0075f-ac9b-426d-bbfa-1959e1305d76”, “country”: “DE”, “data_size”: null, “description”: “TOFUTOWN is a traditional organic manufacturer specializing in plant-based foods, founded in 1981. The company offers a diverse range of products including vegan spreads, tofu, and seitan, all made from high-quality organic ingredients. With a commitment to sustainability and natural ingredients, TOFUTOWN caters to health-conscious consumers looking for convenient and delicious plant-based meal options.”, “discovered”: “2026-07-02T07:26:30.193038+00:00”, “domain”: “”, “group”: “payload”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/3ac4135b1958efc23cc94404bcf200c5.png”, “url”: “https:\/\/www.ransomware.live\/id\/VG9mdXRvd25AcGF5bG9hZA==”, “victim”: “Tofutown” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-02T03:20:43.847622+00:00”, “claim_url”: “http:\/\/om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion\/r\/B0nIY7hm7oGVMGt4nThiJP6lUOZYZqUxryCZuOL8ruilfFsdT3CjmeEG+71I3+LCrskYlHzCsSTiSo1po4gEt2TExKVHRN”, “country”: “”, “data_size”: null, “description”: “Data breach exposes employees and patients of a pediatric clinic.”, “discovered”: “2026-07-02T03:21:32.892469+00:00”, “domain”: “”, “group”: “anubis”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c89b5778d3e244e715f4bd8def055777.png”, “url”: “https:\/\/www.ransomware.live\/id\/Tm9ydGhlYXN0IFBlZGlhdHJpY3MgJiBBZG9sZXNjZW50IE1lZGljaW5lQGFudWJpcw==”, “victim”: “Northeast Pediatrics & Adolescent Medicine” }, { “activity”: “Not Found”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a468eaf5ae71db30ca4ccc0”, “country”: “BR”, “data_size”: null, “description”: “Tambasa Atacadistas is one of the largest wholesale distributors in Brazil, operating primarily in the B2B marketplace. Founded in 1949, the company supplies retail stores, supermarkets, and construction shops across the entire national territory.”, “discovered”: “2026-07-02T16:55:44.978202+00:00”, “domain”: “tambasa.com”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-02T16:54:57”, “users”: 646, “users_url”: 85 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/830b75a7c314513defa019f5f122634f.png”, “url”: “https:\/\/www.ransomware.live\/id\/dGFtYmFzYS5jb21AaW5jcmFuc29t”, “victim”: “tambasa.com” }, { “activity”: “Education”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a4691a75ae71db30ca5296a”, “country”: “US”, “data_size”: null, “description”: “Flowers Early Learning (formerly known as Tri-County Head Start) is a non-profit 501(c)(3) organization providing free, high-quality early childhood education and family support services across Berrien, Cass, and Van Buren counties in Southwest Michigan. Funded by a federal grant through the Office of Head Start, the organization serves eligible families with children from birth to age five, as well as expectant mothers.”, “discovered”: “2026-07-02T16:54:37.978368+00:00”, “domain”: “tricountyhs.org”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 2, “update”: “2026-07-02T16:54:07”, “users”: 1, “users_url”: 2 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/881b8dcd89607d973c0824cdf53376c8.png”, “url”: “https:\/\/www.ransomware.live\/id\/dHJpY291bnR5aHMub3JnQGluY3JhbnNvbQ==”, “victim”: “tricountyhs.org” }, { “activity”: “Public Sector”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a46888b5ae71db30ca3fad9”, “country”: “US”, “data_size”: null, “description”: “Acworth is located in the foothills of the North Georgia mountains and is nestled along the banks of Lake Acworth and Lake Allatoona, hence its nickname \u201cThe Lake City.\u201d The city boasts a rich history, a charming downtown, abundant outdoor recreational activities, a vibrant restaurant scene, and an active festival and events calendar. Acworth is one of the best, family-friendly destinations in the Atlanta region.”, “discovered”: “2026-07-02T16:32:48.336121+00:00”, “domain”: “acworth-ga.gov”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-02T16:31:30”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/af9fc0b84a2ca791ca28cf0d4b072e92.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWN3b3J0aC1nYS5nb3ZAaW5jcmFuc29t”, “victim”: “acworth-ga.gov” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a468abe5ae71db30ca4400d”, “country”: “BR”, “data_size”: null, “description”: “Carvalima Transportes is a specialized freight transportation company with over 35 years of experience, headquartered in Cuiab\u00e1, MT. The company operates in multiple regions, including Mato Grosso, Mato Grosso do Sul, Rond\u00f4nia, Acre, and parts of Par\u00e1, as well as providing reverse logistics services across several states in Brazil. Their services include fractional cargo transport, dedicated cargo, e-commerce logistics, and air freight.”, “discovered”: “2026-07-02T16:31:11.857995+00:00”, “domain”: “carvalima.com.br”, “group”: “incransom”, “infostealer”: { “employees”: 32, “employees_url”: 8, “infostealer_stats”: { “CRYPTBOT”: 1, “Generic Stealer”: 70, “Lumma”: 177, “Mystic”: 2, “Raccoon”: 34, “RedLine”: 121, “StealC”: 29, “Taurus”: 1, “UNKNOWN”: 7, “Vidar”: 9 }, “last_employee_compromised”: “2026-03-06T23:25:45.977000+00:00”, “last_user_compromised”: “2026-06-23T18:39:36+00:00”, “thirdparties”: 52, “update”: “2026-07-02T16:29:09”, “users”: 501, “users_url”: 26 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Y2FydmFsaW1hLmNvbS5ickBpbmNyYW5zb20=”, “victim”: “carvalima.com.br” }, { “activity”: “Consumer Services”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a468b5b5ae71db30ca45835”, “country”: “BR”, “data_size”: null, “description”: “Estrutural Zortea is a Brazilian company founded in 1995, specializing in the design, fabrication, and assembly of large-scale metal structures. ISO 9001-2015 certified, they provide industrial, logistics, and port solutions throughout the country. Specialties include: roofing for grain warehouses and industrial sheds, hoppers, silos, metal towers, and buildings.”, “discovered”: “2026-07-02T16:28:50.505689+00:00”, “domain”: “ezortea.com.br”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 7, “update”: “2026-07-02T16:28:07”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/43179238099f009636c906b6626048d6.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZXpvcnRlYS5jb20uYnJAaW5jcmFuc29t”, “victim”: “ezortea.com.br” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a468c355ae71db30ca47b2d”, “country”: “US”, “data_size”: null, “description”: “Hamilton Eye Institute is a comprehensive vision care practice operating out of two Pennsylvania locations: Allentown and Easton. They provide routine eye exams, medical\/surgical eye treatments, and an in-house MediSpa.”, “discovered”: “2026-07-02T16:27:48.235320+00:00”, “domain”: “hamilton-eye.com”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-02T16:25:46”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/aGFtaWx0b24tZXllLmNvbUBpbmNyYW5zb20=”, “victim”: “hamilton-eye.com” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-01T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a45a1b85ae71db30c88ab68”, “country”: “US”, “data_size”: null, “description”: “Colorado Rehabilitation & Occupational Medicine (CROM) is a leading Denver-area physiatry practice specializing in non-surgical treatments for musculoskeletal and neurological conditions. Founded in 1992, CROM operates multiple clinics across the Front Range, focusing on helping patients recover from sports, work, and auto injuries without narcotics or surgery.”, “discovered”: “2026-07-02T00:28:12.052835+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/152e305bff9cdd02fcc8fedd6e19f6cb.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q29sb3JhZG8gUmVoYWJpbGl0YXRpb24gYW5kIE9jY3VwYXRpb25hbCBNZWRpY2luZUBpbmNyYW5zb20=”, “victim”: “Colorado Rehabilitation and Occupational Medicine” }, { “activity”: “Consumer Services”, “attackdate”: “2026-07-01T22:33:43.074747+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/barafai\/”, “country”: “BR”, “data_size”: null, “description”: “Organization with 11 emails extracted. Domain: estrela.ind”, “discovered”: “2026-07-01T22:33:59.107635+00:00”, “domain”: “estrela.ind”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:34:22.025494”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/ca1b8cef7510facdd5eaff4add616b0f.png”, “url”: “https:\/\/www.ransomware.live\/id\/RXN0cmVsYUBtZWR1c2Fsb2NrZXI=”, “victim”: “Estrela” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T22:33:10.961106+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/bavaqai\/”, “country”: “”, “data_size”: null, “description”: “Organization with 23 emails extracted. Domain: karneslegal.com”, “discovered”: “2026-07-01T22:33:24.863491+00:00”, “domain”: “karneslegal.com”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:33:39.256965”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/66bebc8fb30749bd126ce50415b9559c.png”, “url”: “https:\/\/www.ransomware.live\/id\/S2FybmVzbGVnYWxAbWVkdXNhbG9ja2Vy”, “victim”: “Karneslegal” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T22:32:39.098593+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/bavacai\/”, “country”: “DE”, “data_size”: null, “description”: “Organization with 933 emails extracted. Domain: sgs-gmbh.com”, “discovered”: “2026-07-01T22:32:52.866151+00:00”, “domain”: “sgs-gmbh.com”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:33:19.218659”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0c6f00d2b62fb69f349bcbd01197561f.png”, “url”: “https:\/\/www.ransomware.live\/id\/U2dzIEdtYmhAbWVkdXNhbG9ja2Vy”, “victim”: “Sgs Gmbh” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-01T22:32:06.359509+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/bavadai\/”, “country”: “”, “data_size”: null, “description”: “Organization with 17 emails extracted. Domain: dadolighting.com”, “discovered”: “2026-07-01T22:32:21.018150+00:00”, “domain”: “dadolighting.com”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:33:10.160862”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/1153fa13deeba28fc500a7e385b82753.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGFkb2xpZ2h0aW5nQG1lZHVzYWxvY2tlcg==”, “victim”: “Dadolighting” }, { “activity”: “Telecommunication”, “attackdate”: “2026-07-01T22:31:34.098893+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/bauarai\/”, “country”: “DE”, “data_size”: null, “description”: “Organization with 823 emails extracted. Domain: t-online.de”, “discovered”: “2026-07-01T22:31:48.254889+00:00”, “domain”: “t-online.de”, “group”: “medusalocker”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/22ca988b9a35bcca8ebdc9875a55b536.png”, “url”: “https:\/\/www.ransomware.live\/id\/VCBPbmxpbmVAbWVkdXNhbG9ja2Vy”, “victim”: “T Online” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-01T22:30:54.317369+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/bapamai\/”, “country”: “DE”, “data_size”: null, “description”: “Notarkanzlei FunkeScheid, Kanzlei im Ostend, Frankfurt. 9755 emails. AD: Kanzlei.FunkeScheid.com”, “discovered”: “2026-07-01T22:31:16.028608+00:00”, “domain”: “FunkeScheid.com”, “group”: “medusalocker”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/1d3a7195636c4fbef94aea1689f9e21c.png”, “url”: “https:\/\/www.ransomware.live\/id\/RnVua2VTY2hlaWRAbWVkdXNhbG9ja2Vy”, “victim”: “FunkeScheid” }, { “activity”: “Public Sector”, “attackdate”: “2026-07-01T22:30:22.507618+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/baraaai\/”, “country”: “FR”, “data_size”: null, “description”: “Organization with 162 emails extracted. Domain: mairie-thiverval-grignon.fr”, “discovered”: “2026-07-01T22:30:36.252081+00:00”, “domain”: “mairie-thiverval-grignon.fr”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:31:33.953086”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5c4f3b1ea41876e1e10a484c937c9565.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWFpcmllIFRoaXZlcnZhbCBHcmlnbm9uQG1lZHVzYWxvY2tlcg==”, “victim”: “Mairie Thiverval Grignon” }, { “activity”: “Not Found”, “attackdate”: “2026-07-01T22:29:47.096951+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/batazai\/”, “country”: “AE”, “data_size”: null, “description”: “Organization with 69 emails extracted. Domain: dolrad.ae”, “discovered”: “2026-07-01T22:30:01.128728+00:00”, “domain”: “dolrad.ae”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 3, “update”: “2026-07-01T22:31:12.013551”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/990002389b03c60c8877004f8d721561.png”, “url”: “https:\/\/www.ransomware.live\/id\/RG9scmFkQG1lZHVzYWxvY2tlcg==”, “victim”: “Dolrad” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-01T22:29:15.009053+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/bakaxah\/”, “country”: “CH”, “data_size”: null, “description”: “Organization with 772 emails extracted. Domain: bd.zh.ch”, “discovered”: “2026-07-01T22:29:28.985124+00:00”, “domain”: “bd.zh.ch”, “group”: “medusalocker”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/27d181d5ae653ee15a9b9e69bd1073a2.png”, “url”: “https:\/\/www.ransomware.live\/id\/QmRAbWVkdXNhbG9ja2Vy”, “victim”: “Bd” }, { “activity”: “Public Sector”, “attackdate”: “2026-07-01T22:28:42.161789+00:00”, “claim_url”: “http:\/\/t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion\/company\/pdscl\/”, “country”: “CA”, “data_size”: null, “description”: “Canadian charity providing disability-related services. CRA Registration: 119090686RR0001 | Penticton, British Columbia, Canada”, “discovered”: “2026-07-01T22:28:56.824937+00:00”, “domain”: “pdscl.org”, “group”: “medusalocker”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:30:05.480752”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/dda3cc68da6eca1cd65b891038bd0077.png”, “url”: “https:\/\/www.ransomware.live\/id\/UGVudGljdG9uIGFuZCBEaXN0cmljdCBTb2NpZXR5IGZvciBDb21tdW5pdHkgTGl2aW5nQG1lZHVzYWxvY2tlcg==”, “victim”: “Penticton and District Society for Community Living” }, { “activity”: “Public Sector”, “attackdate”: “2026-07-01T20:35:54.781631+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/awo-suedostde\/”, “country”: “DE”, “data_size”: null, “description”: “Established in 1994, it is one of the regional branches of the Arbeiterwohlfahrt (AWO), one of Germany’s six largest independent \u2026”, “discovered”: “2026-07-01T20:36:12.146865+00:00”, “domain”: “awo-suedost.de”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-07-01T20:35:54”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/92ba4b2c5de0952baea30ebb556c60b7.png”, “url”: “https:\/\/www.ransomware.live\/id\/YXdvLXN1ZWRvc3QuZGVAc2FmZXBheQ==”, “victim”: “awo-suedost.de” }, { “activity”: “Not Found”, “attackdate”: “2026-07-01T20:35:18.163386+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/dia179com\/”, “country”: “DE”, “data_size”: null, “description”: “Founded in 2007, the firm specializes in industrial architecture, logistics facilities, research centers, production plants, and corporate office buildings. Unlike \u2026”, “discovered”: “2026-07-01T20:35:34.203156+00:00”, “domain”: “dia179.com”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T20:35:18”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5dedcb41b8e5c9a22f14e84953cb550c.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZGlhMTc5LmNvbUBzYWZlcGF5”, “victim”: “dia179.com” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-01T20:34:33.842998+00:00”, “claim_url”: “http:\/\/safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion\/blog\/post\/eaglecrestlifeorg\/”, “country”: “US”, “data_size”: null, “description”: “Operating under Bethany Lutheran Homes, Inc., the organization has served the region since 1946 and is recognized as the largest \u2026”, “discovered”: “2026-07-01T20:34:59.024194+00:00”, “domain”: “eaglecrestlife.org”, “group”: “safepay”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T20:34:33”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d362e82b48cddf5022fbcb987537f102.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZWFnbGVjcmVzdGxpZmUub3JnQHNhZmVwYXk=”, “victim”: “eaglecrestlife.org” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T18:27:48.701000+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a455c245ae71db30c80f236”, “country”: “GB”, “data_size”: null, “description”: “400gb “, “discovered”: “2026-07-01T19:27:33.564456+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fb7e030f70fa9691b6a4c1071a43a7fe.png”, “url”: “https:\/\/www.ransomware.live\/id\/aHR0cHM6Ly93d3cucm91bmRzaGllbGQuY29tL0BpbmNyYW5zb20=”, “victim”: “https:\/\/www.roundshield.com\/” }, { “activity”: “Technology”, “attackdate”: “2026-07-01T15:51:30.512121+00:00”, “claim_url”: “http:\/\/vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\/n\/digitaldynamics”, “country”: “US”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-07-01T15:51:52.782912+00:00”, “domain”: “digitaldynamics.com”, “group”: “BrainCipher”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-07-01T15:51:30”, “users”: 1, “users_url”: 1 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/9c1f78b9cfa1554ea156d56fce49917a.png”, “url”: “https:\/\/www.ransomware.live\/id\/ZGlnaXRhbGR5bmFtaWNzLmNvbUBCcmFpbkNpcGhlcg==”, “victim”: “digitaldynamics.com” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-01T15:50:52.721731+00:00”, “claim_url”: “http:\/\/vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\/n\/goldenstateortho”, “country”: “US”, “data_size”: null, “description”: “[AI generated] Golden State Ortho appears to be an orthopedic medical practice or orthopedic supply company based in the United States, likely California given the \”Golden State\” reference. It operates in the healthcare industry, potentially offering orthopedic surgical services, prosthetics, orthotics, or related medical products and patient care. Specific verified details about this company are limited, so full operational details cannot be confirmed with certainty.”, “discovered”: “2026-07-01T15:51:11.297961+00:00”, “domain”: “goldenstateortho.com”, “group”: “BrainCipher”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T15:50:52”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/8dd76617c3a3e0e00cdc7b3d22501ece.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z29sZGVuc3RhdGVvcnRoby5jb21AQnJhaW5DaXBoZXI=”, “victim”: “goldenstateortho.com” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-01T15:50:13.327719+00:00”, “claim_url”: “http:\/\/vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\/n\/printronix”, “country”: “US”, “data_size”: null, “description”: “[AI generated] Printronix is a US-based company specializing in industrial printing solutions. Founded in 1974 and headquartered in Irvine, California, it manufactures line matrix printers, thermal printers, and related accessories primarily for enterprise and industrial environments. Its products serve industries such as manufacturing, logistics, and supply chain management, offering high-volume, mission-critical printing capabilities used in warehouses and distribution centers worldwide.”, “discovered”: “2026-07-01T15:50:32.498123+00:00”, “domain”: “printronix.com”, “group”: “BrainCipher”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-07-01T15:50:13”, “users”: 12, “users_url”: 8 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c7385ce39c96d0b6f7cf313d6f589175.png”, “url”: “https:\/\/www.ransomware.live\/id\/cHJpbnRyb25peC5jb21AQnJhaW5DaXBoZXI=”, “victim”: “printronix.com” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-07-01T13:59:47.453004+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/299da2348c6c4fbf61255f0840df240808a4e97e8cb36cedd90fbec981d5f489\/”, “country”: “”, “data_size”: null, “description”: “B’Laofood Joint Stock Company (formerly B’Laofood Company Limited until March 25, 2026) is a Vietnamese leading manufact…”, “discovered”: “2026-07-01T14:00:06.543797+00:00”, “domain”: “blaofood.com”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T13:59:47”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0d7974a4f0938c0221ac3f000bf01c20.png”, “url”: “https:\/\/www.ransomware.live\/id\/Ymxhb2Zvb2QuY29tQGtyeWJpdA==”, “victim”: “blaofood.com” }, { “activity”: “Technology”, “attackdate”: “2026-07-01T13:59:09.843143+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/39313bc67cfc4e123e9e7a7cbaa11adc275a96ff72e3a951d4593db6d028fc86\/”, “country”: “TW”, “data_size”: null, “description”: “JAWS Co., Ltd. (\u5146\u65ed\u516c\u53f8) is a Taiwanese manufacturer of electronic connectors and cable assemblies, founded in May …”, “discovered”: “2026-07-01T13:59:28.466047+00:00”, “domain”: “jaws.com.tw”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 2, “update”: “2026-07-01T13:59:09”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/71a41a3b49c3e6f5a861afeca288748c.png”, “url”: “https:\/\/www.ransomware.live\/id\/amF3cy5jb20udHdAa3J5Yml0”, “victim”: “jaws.com.tw” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-07-01T13:58:31.222923+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/dc7ee87eb6a2e25dcd3f3dfd202126715f6160d98647bff01de1092dd89f9e33\/”, “country”: “ES”, “data_size”: null, “description”: “Global Software Partner S.L. (GSP) is a Spanish IT consulting and software company with over 30 years of experience in e…”, “discovered”: “2026-07-01T13:58:50.660972+00:00”, “domain”: “gsp.es”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T14:30:02”, “users”: 9, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/bb50e90c38c276bbcfe61d9d2022a08a.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z3NwLmVzQGtyeWJpdA==”, “victim”: “gsp.es” }, { “activity”: “Not Found”, “attackdate”: “2026-07-01T13:57:54.389747+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/cf390eb1150ad8606a7a4c25537768aca7933252ad7f5a622260f33373a92296\/”, “country”: “US”, “data_size”: null, “description”: “DISS Analytics is the digital solutions and statistical reporting division of DISS Corporation (Digital Imaging & Soluti…”, “discovered”: “2026-07-01T13:58:13.079565+00:00”, “domain”: “www.diss.com”, “group”: “krybit”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/67423301ffabac2e3898a1799bc220fd.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3LmRpc3MuY29tQGtyeWJpdA==”, “victim”: “www.diss.com” }, { “activity”: “Technology”, “attackdate”: “2026-07-01T13:57:17.592945+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/e7151f9c62b2ce53aff4f3813c6899cd9d6173ed631b6874663fccaf47238744\/”, “country”: “ME”, “data_size”: null, “description”: “German Imaging Technologies (GIT) Dubai LLC is a German-founded company established in 1999, headquartered in Dubai, UAE…”, “discovered”: “2026-07-01T13:57:35.408702+00:00”, “domain”: “gitmea.com”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T13:57:17”, “users”: 7, “users_url”: 2 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/fae97dea9bcdda100cf1ae1fc7d4b5aa.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z2l0bWVhLmNvbUBrcnliaXQ=”, “victim”: “gitmea.com” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-07-01T13:56:41.340756+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/8f92608da7fd29f35c725ebb627629d15c396fb9290422986e2d941496577f3d\/”, “country”: “”, “data_size”: null, “description”: “***.A. is a Guatemalan company specializing in heavy land transport and logistics services, …”, “discovered”: “2026-07-01T13:56:58.690305+00:00”, “domain”: “TRANSPORTES Y LOGISTICA BRAS, S.A”, “group”: “krybit”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/79f58087e0c4539b22c5645653844846.png”, “url”: “https:\/\/www.ransomware.live\/id\/VFJBTlNQT1JURVMgWSBMT0dJU1RJQ0EgQlJBUywgUy5BQGtyeWJpdA==”, “victim”: “TRANSPORTES Y LOGISTICA BRAS, S.A” }, { “activity”: “Technology”, “attackdate”: “2026-07-01T13:56:00.788503+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/f5b11ea64f1e8b628a97590888ece33f4091ad247ab5faa56dc1deccd783a8d6\/”, “country”: “TW”, “data_size”: null, “description”: “AeroVision Avionics, Inc. (AAI) (\u5229\u7fd4\u822a\u592a\u96fb\u5b50\u80a1\u4efd\u6709\u9650\u516c\u53f8) is a Taiwanese high-tech company incorporated in …”, “discovered”: “2026-07-01T13:56:18.322995+00:00”, “domain”: “aai.com.tw”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T13:56:00”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e3656e4b9f2451879f8d78693df87f03.png”, “url”: “https:\/\/www.ransomware.live\/id\/YWFpLmNvbS50d0BrcnliaXQ=”, “victim”: “aai.com.tw” }, { “activity”: “Technology”, “attackdate”: “2026-07-01T13:55:23.726915+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/db1d4fc953a82e4d71d85b512a220e1a6e0b9ea8f83657f59208c117dee77767\/”, “country”: “CA”, “data_size”: null, “description”: “Northern Access Transportation, Inc. is a locally owned American company founded in Duluth, Minnesota, USA, dedicated to…”, “discovered”: “2026-07-01T13:55:41.878039+00:00”, “domain”: “www.northern-access.com”, “group”: “krybit”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/c69dfc8e8d9159d070fbfd69fefb712a.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3Lm5vcnRoZXJuLWFjY2Vzcy5jb21Aa3J5Yml0”, “victim”: “www.northern-access.com” }, { “activity”: “Healthcare”, “attackdate”: “2026-07-01T13:54:46.746897+00:00”, “claim_url”: “http:\/\/krybitqsdzwmhnitvwuhvsntfgf2wrhxveyxroxpc44c6gkft2cqldyd.onion\/blog\/6df39ec3db9d6372988978d4cd131725f19ddf50ead77550bfc58cdcd686f9ad\/”, “country”: “IT”, “data_size”: null, “description”: “H\u00f4pital Catholique Saint Joseph Moscati (***.org) is a Catholic hospital operating under the motto \”Foi et charit\u00e9…”, “discovered”: “2026-07-01T13:55:04.388950+00:00”, “domain”: “moscati.org”, “group”: “krybit”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T13:54:46”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/e6a714f09404d2befafe2952cf659ca4.png”, “url”: “https:\/\/www.ransomware.live\/id\/bW9zY2F0aS5vcmdAa3J5Yml0”, “victim”: “moscati.org” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T13:27:56+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/6659711612”, “country”: “US”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-07-01T14:06:44.644814+00:00”, “domain”: “www.comhar.org”, “group”: “worldleaks”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/93fd194eb601af16a923a26de04cc3cb.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q09NSEFSQHdvcmxkbGVha3M=”, “victim”: “COMHAR” }, { “activity”: “Consumer Services”, “attackdate”: “2026-07-01T13:27:46+00:00”, “claim_url”: “https:\/\/worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion\/companies\/2426345623”, “country”: “IT”, “data_size”: null, “description”: “[AI generated] Starpool is an Italian company specializing in wellness and relaxation solutions, primarily designing and manufacturing saunas, steam rooms, and spa equipment. Founded in Italy, the company operates in the luxury wellness industry, supplying high-end products to hotels, spas, and private clients. Starpool is known for blending design with technology to promote physical and mental wellbeing, and distributes its products internationally while maintaining its headquarters in Italy.”, “discovered”: “2026-07-01T14:07:27.806782+00:00”, “domain”: “www.starpool.com”, “group”: “worldleaks”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/2bfd05dc265b2ba026f5c0ee403dfcb2.png”, “url”: “https:\/\/www.ransomware.live\/id\/U3RhcnBvb2xAd29ybGRsZWFrcw==”, “victim”: “Starpool” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T13:17:47.962560+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=2f884907-4973-409e-92dd-5ef8c7f3431a”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-01T13:18:10.632763+00:00”, “domain”: “www.mattatuckscrap.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/4957de662aa705eb77f766966f261fca.png”, “url”: “https:\/\/www.ransomware.live\/id\/TWF0dGF0dWNrIEluZHVzdHJpYWwgU2NyYXAgTWV0YWxAcWlsaW4=”, “victim”: “Mattatuck Industrial Scrap Metal” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T13:16:57.233008+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=2895dd71-2d77-4c70-badf-cd39e1ae9992”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-01T13:17:28.930707+00:00”, “domain”: “www.greenevillelaw.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7e2dcb96b7c9f5f8c6d919960486ee79.png”, “url”: “https:\/\/www.ransomware.live\/id\/TGF1Z2hsaW4gTnVubmFsbHkgSG9vZCAmIENydW1AcWlsaW4=”, “victim”: “Laughlin Nunnally Hood & Crum” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T13:16:10.644193+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=65ee4abc-01d6-4292-baf0-283f00612efe”, “country”: “SK”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-01T13:16:37.336109+00:00”, “domain”: “www.rossum.sk”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/150fa564c8f98fafbcb3366c6aff81c7.png”, “url”: “https:\/\/www.ransomware.live\/id\/Um9zc3VtIEludGVncmF0aW9uQHFpbGlu”, “victim”: “Rossum Integration” }, { “activity”: “Consumer Services”, “attackdate”: “2026-07-01T13:14:40.548848+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=a9bf0d58-3647-4639-9619-21dbf58dd83c”, “country”: “US”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-01T13:15:08.371113+00:00”, “domain”: “www.dixiebeverage.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/70295c72585270d042ac286a87d9330d.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGl4aWUgQmV2ZXJhZ2VAcWlsaW4=”, “victim”: “Dixie Beverage” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-01T10:29:33.954187+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “Over 21 million Salesforce records containing some PII were compromised. The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care. | Size: 100GB+ | Updated: 02 July 2026 | SHA256: 6ee9bd06756efceb56e5c56fd4e8ab3a8006b9cb80e7c0b4405ed15b996c05fe”, “discovered”: “2026-07-01T10:29:35.641583+00:00”, “domain”: “”, “group”: “shinyhunters”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Rmx1a2UgQ29ycG9yYXRpb25Ac2hpbnlodW50ZXJz”, “victim”: “Fluke Corporation” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T10:29:13.002796+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “The Company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care. | Updated: 02 July 2026 | SHA256: f3c961b709bcff8f70dbb8361116831d2c86361754a09658115b9efed39308e5”, “discovered”: “2026-07-01T10:29:15.696670+00:00”, “domain”: “”, “group”: “shinyhunters”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SW5ncmFtIENvbnRlbnQgR3JvdXAsIEluYy5Ac2hpbnlodW50ZXJz”, “victim”: “Ingram Content Group, Inc.” }, { “activity”: “Business Services”, “attackdate”: “2026-07-01T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “www.higuchi-inc.co.jp\/newsrelease\/company\/doc\/unauthorized_access_incident.pdf \/\/ We have reviewed the report issued by HIGUCHI INC. To correct their mistake: the breach did not affect just one branch, but rather 3 different branches across various regions.Your data has not been leaked yet, as you are currently within an 8-day grace period. Before we publish any of your commercial or personal data, be aware that we possess 102 GB of Sage software backups, alongside numerous commercial documents.We await your reply to our messages. Follow the correct path to ensure nothing is leaked. We are waiting for you.”, “discovered”: “2026-07-01T18:02:45.713413+00:00”, “domain”: “”, “group”: “stormous”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Qk46IGhpZ3VjaGktaW5jIFJlcG9ydCBFcnJvciAmIFdhcm5pbmfigaBAc3Rvcm1vdXM=”, “victim”: “BN: higuchi-inc Report Error & Warning\u2060” }, { “activity”: “Hospitality and Tourism”, “attackdate”: “2026-07-01T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Refinery Hotel is a luxury hotel located near Bryant Park in New York City, offering a modern r\neinterpretation of a historic hat factory. The hotel features 197 stylish rooms with industrial\naccents and modern amenities, alongside dining options such as the Parker & Quinn restaurant a\nnd the Refinery Rooftop bar.\n\nWe will upload 15gb of corporate data soon. Employee personal information (passports, DLs, SSNs\n, w9 forms), guests information, financials, contracts and agreements, lots of NDAs, etc.\n”, “discovered”: “2026-07-01T13:50:38.674785+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UmVmaW5lcnkgSG90ZWxAYWtpcmE=”, “victim”: “Refinery Hotel” }, { “activity”: “Consumer Services”, “attackdate”: “2026-07-01T00:00:00+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=ba701696-1c93-417d-a1cb-c69e714cc3f2”, “country”: “GB”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-01T13:18:51.401189+00:00”, “domain”: “Dennis Waters Rental Properties”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/56e75447290c25711ff3ee2db72f7d2b.png”, “url”: “https:\/\/www.ransomware.live\/id\/RGVubmlzIFdhdGVycyBSZW50YWwgUHJvcGVydGllc0BxaWxpbg==”, “victim”: “Dennis Waters Rental Properties” }, { “activity”: “Manufacturing”, “attackdate”: “2026-07-01T00:00:00+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=34b7e3d1-82ce-4455-9944-ea6c2ede92fc”, “country”: “GB”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-07-01T13:15:51.556343+00:00”, “domain”: “www.dynamiclasersolutions.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/69304683806a2702355bab510e232f91.png”, “url”: “https:\/\/www.ransomware.live\/id\/RHluYW1pYyBMYXNlciBTb2x1dGlvbnMgTHRkLkBxaWxpbg==”, “victim”: “Dynamic Laser Solutions Ltd.” }, { “activity”: “Technology”, “attackdate”: “2026-06-30T23:59:00+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a3926cc5ae71db30c25aebd”, “country”: “US”, “data_size”: null, “description”: “Horizon Eye Care operates as a group of independent optometric clinics and medical practices across North America. Depending on your specific location, they offer comprehensive eye examinations, surgical procedures (like LASIK and cataracts), contact lens fittings, and a wide variety of designer eyeglasses.”, “discovered”: “2026-07-01T00:24:31.361151+00:00”, “domain”: “horizoneye.com”, “group”: “incransom”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T00:23:50”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/abe9749ce7885cc50fc4d22bee403a4b.png”, “url”: “https:\/\/www.ransomware.live\/id\/aG9yaXpvbmV5ZS5jb21AaW5jcmFuc29t”, “victim”: “horizoneye.com” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T21:49:19+00:00”, “claim_url”: “”, “country”: “FR”, “data_size”: null, “description”: “***.fr SDEZ is a historic French family-owned company founded in 1816, specializing in the rental and maintenance of professional linen, workwear, and hygiene equipment.Operating a national network of industrial laundries across France and Belgium, it has become one of the leading textile service providers in the region.The company serves thousands of business clients and employs over 700 people to deliver comprehensive laundry and hygiene solution”, “discovered”: “2026-07-01T22:16:54.641718+00:00”, “domain”: “sdez.fr”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-07-01T22:16:53”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U0RFWkB0aGVnZW50bGVtZW4=”, “victim”: “SDEZ” }, { “activity”: “Construction”, “attackdate”: “2026-06-30T18:58:11.993258+00:00”, “claim_url”: “http:\/\/j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion\/topic.php?id=yXJej0EB4mGwto”, “country”: “US”, “data_size”: null, “description”: “United States”, “discovered”: “2026-06-30T18:58:31.728236+00:00”, “domain”: “www.wciboise.com”, “group”: “play”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/270f2b846469a67005fea87d04308d86.png”, “url”: “https:\/\/www.ransomware.live\/id\/V2VzdGVybiBDb25zdHJ1Y3Rpb25AcGxheQ==”, “victim”: “Western Construction” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-30T16:54:34.472624+00:00”, “claim_url”: “http:\/\/hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion\/post\/iA8ZqwqvbWAadhAdslngN5Kiazx2CWrf”, “country”: “US”, “data_size”: null, “description”: “FINAL NOTICE: UNIVERSAL PLANT SERVICES (UPS)\n\nWe are in possession of 315 GB of your corporate, financial, and operational data. Our analysis confirms that this archive contains highly sensitive information, including:\n\n Financial & Accounting: Full audits, tax filings (ADP), payroll, bank transa\u2026”, “discovered”: “2026-06-30T16:54:50.260413+00:00”, “domain”: “www.zoominfo.com\/c\/universal-plant-services-inc\/353963066”, “group”: “chaos”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/7fb52b145ba3a00a75216de347d813de.png”, “url”: “https:\/\/www.ransomware.live\/id\/dW5pdmVyc2FscGxhbnQuY29tQGNoYW9z”, “victim”: “universalplant.com” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-30T16:50:14.681242+00:00”, “claim_url”: “http:\/\/vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion\/n\/paipharma”, “country”: “BR”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-30T16:50:32.430072+00:00”, “domain”: “paipharma.com”, “group”: “BrainCipher”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-06-30T16:50:14”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/1a9d16729d9f09f8c6eb74bdb9d73783.png”, “url”: “https:\/\/www.ransomware.live\/id\/cGFpcGhhcm1hLmNvbUBCcmFpbkNpcGhlcg==”, “victim”: “paipharma.com” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-30T16:30:41+00:00”, “claim_url”: “”, “country”: “TW”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/pou-sheng-international\/352458448 They serve as a key distributor and exclusive agent for major global sportswear brands like Nike, adidas, PUMA, and Under Armour. The company operates a comprehensive online and offline sales network across the country to provide a full sports and lifestyle experience.”, “discovered”: “2026-07-01T22:16:34.137806+00:00”, “domain”: “pousheng.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 3, “employees_url”: 5, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 5, “update”: “2026-07-01T22:16:32”, “users”: 12, “users_url”: 19 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UG91IFNoZW5nIEludGVybmF0aW9uYWxAdGhlZ2VudGxlbWVu”, “victim”: “Pou Sheng International” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-30T16:02:46+00:00”, “claim_url”: “”, “country”: “FR”, “data_size”: null, “description”: “***.com FAC Logistique, a French company founded in 1996 that specializes in the outsourcing of purchasing and logistics. Operating as a central purchasing office, the firm helps businesses optimize their supplier base, manage inventory, and significantly reduce operational costs. Headquartered in Grand-Couronne with additional agencies across France, the company leverages expert buyers to simplify supply chain processes and act as a dedicated \”center of savings\” for its clients”, “discovered”: “2026-07-01T22:17:16.225477+00:00”, “domain”: “fac-logistique.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:17:13”, “users”: 2, “users_url”: 1 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RkFDIExvZ2lzdGlxdWVAdGhlZ2VudGxlbWVu”, “victim”: “FAC Logistique” }, { “activity”: “Construction”, “attackdate”: “2026-06-30T16:00:02+00:00”, “claim_url”: “”, “country”: “CA”, “data_size”: null, “description”: “***.ca zoominfo.com\/c\/melcor-developments-ltd\/65095259 Melcor Developments Ltd., a prominent Canadian real estate development and construction company founded in 1923 and headquartered in Edmonton, Alberta. The firm specializes in the full lifecycle of property development, creating residential communities, commercial spaces, and industrial parks across Western Canada. With nearly a century of experience, Melcor is recognized for building sustainable, high-quality neighborhoods and long-term investment properties”, “discovered”: “2026-07-01T22:17:38.233891+00:00”, “domain”: “melcor.ca”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:17:35”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWVsY29yIERldmVsb3BtZW50cyBMdGRAdGhlZ2VudGxlbWVu”, “victim”: “Melcor Developments Ltd” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T15:54:39+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/cui-agency\/397459082 CUI Agency, a family-owned independent insurance firm founded in Utah in 1969. Headquartered in the Salt Lake City area, the company specializes in risk management, offering comprehensive commercial insurance, employee benefits, personal lines, and bonds. They provide tailored insurance solutions designed to mitigate risks and protect the assets of businesses and families across the region”, “discovered”: “2026-07-01T22:17:58.673131+00:00”, “domain”: “cuiagency.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:17:57”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q1VJIEFnZW5jeUB0aGVnZW50bGVtZW4=”, “victim”: “CUI Agency” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T15:52:39+00:00”, “claim_url”: “”, “country”: “NI”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/wacha–justen-llc\/357327144 Wacha & Justen, LLC, a dedicated law firm based in Napoleon, Ohio. The firm provides comprehensive legal services, including estate planning, personal injury, car accident claims, and general civil litigation. With a strong local presence, their experienced attorneys offer reliable representation to individuals and businesses throughout the region”, “discovered”: “2026-07-01T22:18:19.013526+00:00”, “domain”: “nwohlaw.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:18:17”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/V2FjaGEgSnVzdGVuQHRoZWdlbnRsZW1lbg==”, “victim”: “Wacha Justen” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T15:51:24+00:00”, “claim_url”: “”, “country”: “CH”, “data_size”: null, “description”: “***.com\/c\/eilon-oron-attorneys\/1341420873 Oron Law Firm, a legal practice specializing in traffic law, traffic accidents, and torts. Founded by Adv. Ilon Oron,The team provides comprehensive legal representation for licensing issues, accident claims, and traffic violations, offering 24\/7 customer support to assist their clients.”, “discovered”: “2026-07-01T22:18:38.773829+00:00”, “domain”: “zoominfo.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 1, “employees_url”: 1, “infostealer_stats”: { “Acreed”: 74, “Atomic”: 22, “Azorult”: 255, “CRYPTBOT”: 36, “DarkCrystal”: 7, “Ficker”: 7, “Generic Stealer”: 2093, “KPOT”: 1, “Lumma”: 2071, “Mystic”: 10, “Predator”: 8, “Raccoon”: 882, “RedLine”: 2584, “StealC”: 377, “Taurus”: 2, “UNKNOWN”: 107, “Vidar”: 365 }, “last_employee_compromised”: “2023-08-31T00:00:00+00:00”, “last_user_compromised”: “2026-04-29T00:00:00+00:00”, “thirdparties”: 7, “update”: “2026-05-04T17:50:48”, “users”: 9661, “users_url”: 100 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/T3JvbiBMYXcgRmlybUB0aGVnZW50bGVtZW4=”, “victim”: “Oron Law Firm” }, { “activity”: “Public Sector”, “attackdate”: “2026-06-30T15:43:20+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/the-city-of-boyne-city\/368244116 City of Boyne City, a community located in Charlevoix County, Michigan. It serves as a central hub for residents, providing essential information on local government, city departments, utility services, and community events. The portal also highlights the city’s parks, recreation programs, and local initiatives, reflecting its vibrant lakeside lifestyle on Lake Charlevoix”, “discovered”: “2026-07-01T22:18:57.510341+00:00”, “domain”: “cityofboynecity.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:18:57”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/VGhlIENpdHkgb2YgQm95bmUgQ2l0eUB0aGVnZW50bGVtZW4=”, “victim”: “The City of Boyne City” }, { “activity”: “Energy”, “attackdate”: “2026-06-30T15:39:47+00:00”, “claim_url”: “”, “country”: “CZ”, “data_size”: null, “description”: “***.cz zoominfo.com\/c\/janc\u030ca–emas-group-sro\/532190785 JANCA & EMAS group s.r.o., one of the largest wholesale distributors of electrical equipment and materials in the Czech Republic. The company supplies a comprehensive range of electrical components, including switches, sockets, and smart home automation systems, primarily serving professional electricians and businesses. They operate an extensive network of physical branches across the country and offer a dedicated mobile app for quick ordering and inventory management.”, “discovered”: “2026-07-01T22:19:01.743016+00:00”, “domain”: “emas.cz”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Acreed”: 1, “Atomic”: 1, “Generic Stealer”: 51, “Lumma”: 47, “Mystic”: 1, “Raccoon”: 19, “RedLine”: 47, “StealC”: 6, “UNKNOWN”: 1, “Vidar”: 7 }, “last_employee_compromised”: “1970-01-01T00:00:00+00:00”, “last_user_compromised”: “2026-06-23T00:00:00+00:00”, “thirdparties”: 0, “update”: “2026-07-01T22:18:59”, “users”: 183, “users_url”: 9 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/RU1BUyBHcm91cEB0aGVnZW50bGVtZW4=”, “victim”: “EMAS Group” }, { “activity”: “Technology”, “attackdate”: “2026-06-30T15:38:15+00:00”, “claim_url”: “”, “country”: “PL”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/makolab-sa\/31278202 MakoLab, a prominent Polish IT consulting and software development company acting as a digital project house.The firm specializes in digital transformation, artificial intelligence, custom software engineering, and human-centric design.They provide comprehensive business and technology consulting, product design, and global 24\/7 operations support to enterprise clients worldwide”, “discovered”: “2026-07-01T22:19:18.065203+00:00”, “domain”: “makolab.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:19:16”, “users”: 5, “users_url”: 3 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWFrb0xhYkB0aGVnZW50bGVtZW4=”, “victim”: “MakoLab” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-30T15:35:45+00:00”, “claim_url”: “”, “country”: “IT”, “data_size”: null, “description”: “***.it dnb.com\/business-directory\/company-profiles.naturghiaccio_srl.eae47436d39ec78b7abc7007a3637507.html Naturghiaccio, an Italian company founded in 2013 that specializes in the production and distribution of high-quality, certified food-grade ice. Operating with a fully automated plant, they supply premium packaged ice to the Ho.Re.Ca. sector, supermarkets, and event organizers across Italy. The company is an official member of the European Packaged Ice Association (EPIA), ensuring strict quality and safety standards for their products”, “discovered”: “2026-07-01T22:19:25.670344+00:00”, “domain”: “naturghiaccio.it”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:19:24”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TkFUVVJHSElBQ0NJT0B0aGVnZW50bGVtZW4=”, “victim”: “NATURGHIACCIO” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T15:34:09+00:00”, “claim_url”: “”, “country”: “FR”, “data_size”: null, “description”: “***.com pappers.fr\/entreprise\/osp-holding-france-838877108 838877108 OSP HOLDING (FRANCE) is an active French company founded in 2018 and managed by APInvest France, with a substantial share capital of over \u20ac14.4 million. It specializes in the design and assembly of industrial process control equipment, as well as the development and maintenance of software for parking management systems. The company employs between 50 and 99 people and is headquartered in Boulogne-Billancourt”, “discovered”: “2026-07-01T22:19:38.697049+00:00”, “domain”: “ospholding.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:19:36”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/T1NQIEhPTERJTkcgRlJBTkNFQHRoZWdlbnRsZW1lbg==”, “victim”: “OSP HOLDING FRANCE” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-30T15:22:22+00:00”, “claim_url”: “”, “country”: “IT”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/mondottica-ltd\/346397915 Mondottica, a leading global eyewear company specializing in the design, production, and worldwide distribution of premium sunglasses and optical frames. Headquartered in London, the firm is renowned for managing an extensive portfolio of prestigious international fashion and lifestyle brand licenses. They combine innovative design with high-quality craftsmanship to deliver luxury eyewear collections to global markets”, “discovered”: “2026-07-01T22:19:45.912553+00:00”, “domain”: “mondottica.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:19:44”, “users”: 5, “users_url”: 1 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TW9uZG90dGljYUB0aGVnZW50bGVtZW4=”, “victim”: “Mondottica” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T15:20:01+00:00”, “claim_url”: “”, “country”: “TH”, “data_size”: null, “description”: “***.co.th Comp Trading Co., Ltd. (CTC), a premier Thai IT solutions and services provider founded in 1985 by former IBM engineers. The company specializes in enterprise IT infrastructure, data center solutions, cybersecurity, and comprehensive system maintenance. Today, CTC serves as a strategic technology partner for businesses, delivering disaster recovery, network support, and IT consulting services”, “discovered”: “2026-07-01T22:20:00.321985+00:00”, “domain”: “ctc.co.th”, “group”: “thegentlemen”, “infostealer”: { “employees”: 14, “employees_url”: 5, “infostealer_stats”: { “Generic Stealer”: 7, “Lumma”: 6, “Predator”: 1, “RedLine”: 1, “StealC”: 1 }, “last_employee_compromised”: “2025-03-07T05:01:23+00:00”, “last_user_compromised”: “2023-12-13T12:18:34+00:00”, “thirdparties”: 9, “update”: “2026-07-01T22:19:57”, “users”: 2, “users_url”: 8 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q29tcCBUcmFkaW5nIENvQHRoZWdlbnRsZW1lbg==”, “victim”: “Comp Trading Co” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-30T15:02:54+00:00”, “claim_url”: “”, “country”: “FR”, “data_size”: null, “description”: “***.com Centre Ophtalmologique d’Ermont, a specialized medical clinic in France dedicated to comprehensive eye care. The facility provides a full spectrum of ophthalmology services, including routine consultations, advanced diagnostics, and surgical treatments for various ocular conditions. The portal serves as a convenient hub where patients can access health information, manage their appointments, and connect with a team of expert specialists”, “discovered”: “2026-07-01T22:20:06.270693+00:00”, “domain”: “ophtalmologie-ermont.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:20:04”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2VudHJlIE9waHRhbG1vbG9naXF1ZSBkRXJtb250QHRoZWdlbnRsZW1lbg==”, “victim”: “Centre Ophtalmologique dErmont” }, { “activity”: “Technology”, “attackdate”: “2026-06-30T14:58:01+00:00”, “claim_url”: “”, “country”: “TW”, “data_size”: null, “description”: “***.com.tw zoominfo.com\/c\/climax-technology-co-ltd\/440165694 Climax Technology Co., Ltd., a Taipei-based company founded in 1985 that specializes in smart security systems and telecare solutions. For over three decades, the firm has leveraged its telecommunications expertise to develop innovative hybrid security panels, emergency pendants, and long-term care alert technologies. Their comprehensive product line is designed to provide reliable safety, monitoring, and rapid emergency response for residential and healthcare environments globally”, “discovered”: “2026-07-01T22:20:20.966462+00:00”, “domain”: “climax.com.tw”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:20:19”, “users”: 0, “users_url”: 1 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/Q2xpbWF4IFRlY2hub2xvZ3lAdGhlZ2VudGxlbWVu”, “victim”: “Climax Technology” }, { “activity”: “Consumer Services”, “attackdate”: “2026-06-30T14:49:24+00:00”, “claim_url”: “”, “country”: “AE”, “data_size”: null, “description”: “***.com zoominfo.com\/c\/steegaa\/408684474 Steegaa Interior, a Dutch company based in Helmond specializing in high-end custom interior design and construction.Established in 2000, the firm focuses on designing, manufacturing, and installing bespoke interiors for both private and commercial clients.They are highly regarded for their exceptional craftsmanship, attention to detail, and ability to deliver complete, turnkey interior solutions.Additionally, the company operates as a recognized training center, offering apprenticeships to foster the next generation of skilled interior builders”, “discovered”: “2026-07-01T22:20:41.491605+00:00”, “domain”: “steegaa.com”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:20:39”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/U3RlZWdhYSBJbnRlcmlvckB0aGVnZW50bGVtZW4=”, “victim”: “Steegaa Interior” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T14:45:31+00:00”, “claim_url”: “”, “country”: “JP”, “data_size”: null, “description”: “***.co.jp zoominfo.com\/c\/dhc-corp\/372590440 DHC Corporation, a major Japanese health and beauty company renowned for its dietary supplements, skincare, and cosmetics. The brand is especially famous for its olive oil-based beauty products and high-quality, affordable nutritional supplements. The site serves as a primary hub for consumers to purchase their popular health, wellness, and beauty essentials”, “discovered”: “2026-07-01T22:20:46.693156+00:00”, “domain”: “dhc.co.jp”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: { “Acreed”: 4, “Atomic”: 1, “Azorult”: 34, “CRYPTBOT”: 1, “Ficker”: 1, “Generic Stealer”: 113, “Lumma”: 97, “Mystic”: 4, “Predator”: 1, “Raccoon”: 75, “RedLine”: 127, “StealC”: 30, “UNKNOWN”: 8, “Vidar”: 12 }, “last_employee_compromised”: “1970-01-01T00:00:00+00:00”, “last_user_compromised”: “2026-06-19T19:30:16+00:00”, “thirdparties”: 2, “update”: “2026-07-01T22:20:45”, “users”: 534, “users_url”: 34 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/REhDIENvcnBvcmF0aW9uQHRoZWdlbnRsZW1lbg==”, “victim”: “DHC Corporation” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T14:44:05+00:00”, “claim_url”: “”, “country”: “DE”, “data_size”: null, “description”: “***.de is the official website for the Immling Festival, a renowned classical music and opera event held annually at Gut Immling in Halfing, Germany. Running primarily from June to August since 1997, it features high-quality opera productions and symphony concerts in a picturesque setting. In 2026, the festival celebrates its 30th anniversary, remaining a major cultural highlight in the Chiemgau region”, “discovered”: “2026-07-01T22:21:02.170238+00:00”, “domain”: “immling.de”, “group”: “thegentlemen”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-01T22:21:00”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SW1tbGluZ0B0aGVnZW50bGVtZW4=”, “victim”: “Immling” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T12:47:04.911000+00:00”, “claim_url”: “http:\/\/incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion\/blog\/disclosures\/6a43bac85ae71db30c4f3cb1”, “country”: “IT”, “data_size”: null, “description”: “client, contracts, personal, NDA and other”, “discovered”: “2026-06-30T13:23:59.348137+00:00”, “domain”: “”, “group”: “incransom”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/5a523a9dd1efd1bd7886134846b24166.png”, “url”: “https:\/\/www.ransomware.live\/id\/aHR0cHM6Ly9zemEuaXQvQGluY3JhbnNvbQ==”, “victim”: “https:\/\/sza.it\/” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-30T12:31:18.463689+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=e10a7d15-361e-45ad-ba34-0167aa8f7ecf”, “country”: “”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-30T12:32:00.149210+00:00”, “domain”: “www.chamco.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a92dbc0e4b39f9a9e4faad7738a8fb56.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q2hhbWNvQHFpbGlu”, “victim”: “Chamco” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T12:30:26.264836+00:00”, “claim_url”: “http:\/\/ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion\/site\/blog?uuid=9a9add5c-96a6-46b9-8d94-1b9f29f0dc35”, “country”: “DE”, “data_size”: null, “description”: “N\/A”, “discovered”: “2026-06-30T12:30:59.234936+00:00”, “domain”: “www.hemmersbach.com”, “group”: “qilin”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/SGVtbWVyc2JhY2ggR21iSCAmIENvLiBLR0BxaWxpbg==”, “victim”: “Hemmersbach GmbH & Co. KG” }, { “activity”: “Financial Services”, “attackdate”: “2026-06-30T12:25:24.816484+00:00”, “claim_url”: “”, “country”: “VE”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-30T12:25:27.644861+00:00”, “domain”: “segurospiramide.com”, “group”: “gunra”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 8, “update”: “2026-06-30T12:25:24”, “users”: 708, “users_url”: 31 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UGlyw6FtaWRlIFNlZ3Vyb3NAZ3VucmE=”, “victim”: “Pir\u00e1mide Seguros” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T12:25:01.512190+00:00”, “claim_url”: “”, “country”: “HK”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-30T12:25:04.036590+00:00”, “domain”: “on-us.com”, “group”: “gunra”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-30T12:25:01”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/b24tdXNAZ3VucmE=”, “victim”: “on-us” }, { “activity”: “Not Found”, “attackdate”: “2026-06-30T12:24:39.304066+00:00”, “claim_url”: “”, “country”: “UY”, “data_size”: null, “description”: “[AI generated] N\/A”, “discovered”: “2026-06-30T12:24:42.449840+00:00”, “domain”: “yuditec.com”, “group”: “gunra”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-30T12:24:39”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/WXVkaXRlYyBTLkEuQGd1bnJh”, “victim”: “Yuditec S.A.” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-30T08:20:16.113348+00:00”, “claim_url”: “”, “country”: “GE”, “data_size”: null, “description”: “We have proudly been serving northeast Georgia since 1976. As a federally qualified health center, we are able to offer uninsured and underinsured patients a sliding fee scale. No one is denied services due to lack of income or insurance status.At MedLink Georgia, we strive to provide comprehensive, coordinated, and continuous care to all our patients. We offer a broad array of primary and preventive care services for patients of all ages, including screening, diagnosis, and management of chronic illnesses.”, “discovered”: “2026-06-30T08:20:17.704907+00:00”, “domain”: “www.medlinkga.org”, “group”: “cmdorganization”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/TWVkbGluayBHZW9yZ2lhQGNtZG9yZ2FuaXphdGlvbg==”, “victim”: “Medlink Georgia” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-30T06:20:15.187509+00:00”, “claim_url”: “”, “country”: “US”, “data_size”: null, “description”: “Port Angeles Composite LLC (PAC) is a leading supplier of advanced structural composite assemblies and components, serving the global commercial and business aerospace markets. Originally founded in 1996 as Angeles Composite Technologies, PAC was acquired by Honda Aircraft Company in October 2025. The company operates from a state-of-the-art manufacturing facility on Washington State\u2019s Olympic Peninsula, supporting customers such as Boeing, Bombardier, and Honda Aircraft with high-quality composite structures for new aircraft systems. PAC’s advanced manufacturing processes and technology ensure the highest quality composite products, offering tailored solutions to meet the unique requirements of each aerospace customer.”, “discovered”: “2026-06-30T06:20:16.776054+00:00”, “domain”: “www.pacomposite.com”, “group”: “cmdorganization”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/UG9ydCBBbmdlbGVzIENvbXBvc2l0ZUBjbWRvcmdhbml6YXRpb24=”, “victim”: “Port Angeles Composite” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T05:28:30+00:00”, “claim_url”: “http:\/\/ctyfftrjgtwdjzlgqh4avbd35sqrs6tde4oyam2ufbjch6oqpqtkdtid.onion\/281c9c40-9afe-413a-af7e-9cf7c3fdf3c0”, “country”: “”, “data_size”: null, “description”: “CYBERSECURITY: ARKIN HOTEL GROUP SUFFERS MASSIVE DATA BREACH \u2014 OVER 1 TB OF GUEST AND CASINO DATA STOLENCybersecurity experts from Cyclops Threat Intelligence have reported a critical incident affecting the Ark\u0131n Group hotel chain (www.arkingroup.com), including its premium properties The Ark\u0131n Colony, The Ark\u0131n Iskele, and Ark\u0131n Palm Beach in Northern Cyprus. According to preliminary assessments, the attackers managed to exfiltrate over one terabyte of internal documents, customer databases, and transaction logs, including confidential information from the Ark\u0131n Palm Beach Casino.\u258eAttack detailsAnalysts have established that the attackers gained initial access through a compromised employee account in the reservations department. Using legitimate remote administration tools, they gradually expanded their privileges, bypassed network segmentation, and exfiltrated a dataset totalling approximately 1.4 TB. Some of the stolen information has already surfaced on underground forums and darknet marketplaces.The stolen data includes:\u2022 Full guest profiles (passport details, phone numbers, addresses, stay history);\u2022 Financial details of bookings and payment credentials;\u2022 The internal CRM system with staff notes on VIP clients;\u2022 Casino database: player IDs, deposit amounts, visit frequency, records of chip exchange transactions and fund movements;\u2022 Scanned passports, compliance check forms (KYC\/AML), including source-of-funds questionnaires for high rollers.\u258eObjective and likely operatorBased on the intrusion characteristics and tactics used, experts link the incident to the threat group \u201cCryptoRex\u201d (tracked since 2023), which specialises in attacking hospitality and gambling businesses in the Mediterranean region. A combination of financial extortion and data sale to multiple buyers is considered likely. So far, no official ransom demand has been received, but portions of the archives have been put up for auction with a starting price of 8 bitcoins.\u258ePotential consequences of the leakThe leakage of confidential guest and especially casino client data entails a cascade of risks that go far beyond reputational damage.1. Personal security of high-net-worth guestsThe VIP casino player database, containing passport details, habits, and financial capabilities, serves as a direct \u201cdirectory\u201d for kidnappers, extortionists, and organised crime groups. Affected individuals may face real threats to their physical safety, as well as targeted blackmail (e.g., threats to expose gambling activity to business partners or family members in countries where gambling is stigmatised).2. Financial fraudPayment data from hotel guests and credit\/debit cards linked to casino accounts will enable unauthorised transactions. Given the high credit limits of casino patrons, the scale of potential phishing and card fraud is assessed as very significant.3. Compliance nightmare and regulatory finesAlthough the international casino operators in Northern Cyprus do not directly fall under GDPR, many guests are citizens of the EU, the UK, and CIS countries. The breach demonstrates a flagrant failure to meet personal data protection standards. Lawsuits by affected individuals in national courts and scrutiny by international payment systems (Visa, Mastercard) are possible, which could suspend acquiring services.4. Risks to the casino itself and the jurisdiction[6\/9\/2026 1:09 PM] ChatGPT 5 | Deepseek | Claude: The exposure of internal AML records documenting the origin of funds and possible links to politically exposed persons could spark money-laundering investigations. For Northern Cyprus\u2019s gambling zone, already under close watch by the FATF, this could lead to tighter international financial monitoring and being placed on grey lists.5. Reputational ruinNo wealthy client will entrust their data to a hotel incapable of protecting basic IT infrastructure. Trust in the Ark\u0131n brand, which for decades has built an image of secluded luxury, will be undermined for years. Competitors in the elite leisure market, especially in Dubai, Monaco, and the Maldives, will immediately exploit the situation to poach wary clientele.\u258eAnalysts\u2019 recommendationsCyclops Threat Intelligence strongly advises all individuals who have ever stayed at Ark\u0131n hotels or visited Ark\u0131n Palm Beach Casino to:\u2022 Immediately block and reissue any bank cards used;\u2022 Monitor credit reports for new applications;\u2022 Enable additional authentication factors on email and financial services;\u2022 Be highly critical of any incoming calls or messages demanding identity confirmation or fund transfers \u2014 these could be targeted attacks using contextual details from the leaked staff notes.The Ark\u0131n Group press office has not yet responded to official inquiries. The company\u2019s website remains operational, but online booking sections are temporarily unavailable. Northern Cyprus authorities stated that they are \u201caware of the incident\u201d and have begun consultations with EU experts under a cyber-resilience programme.Report prepared by the Thomson Reuters cybersecurity desk based on the Cyclops Threat Intelligence analytical brief.”, “discovered”: “2026-06-30T05:51:46.011970+00:00”, “domain”: “”, “group”: “blacknevas”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/912539194c850bbc6caffb4e2286434d.png”, “url”: “https:\/\/www.ransomware.live\/id\/QXJraW4gR3JvdXBAYmxhY2tuZXZhcw==”, “victim”: “Arkin Group” }, { “activity”: “Transportation\/Logistics”, “attackdate”: “2026-06-30T04:40:57.829088+00:00”, “claim_url”: “http:\/\/embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion\/#\/post\/94f8b5f3-4b6f-44c8-a4d3-41fab0dd9d19”, “country”: “US”, “data_size”: null, “description”: “May Trucking Company is a family-owned interstate transport carrier founded in 1945, headquartered in Brooks, Oregon. They provide dry freight and temperature-c… – TOTAL QUANTITY OF DATA 1 TB”, “discovered”: “2026-06-30T04:54:43.475550+00:00”, “domain”: “www.maytrucking.com”, “group”: “embargo”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/b6d88d5b8fe4cc58297c4c06b3b04640.png”, “url”: “https:\/\/www.ransomware.live\/id\/d3d3Lm1heXRydWNraW5nLmNvbUBlbWJhcmdv”, “victim”: “www.maytrucking.com” }, { “activity”: “Agriculture and Food Production”, “attackdate”: “2026-06-30T00:00:00+00:00”, “claim_url”: “http:\/\/pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion\/Companies\/acbeverage”, “country”: “US”, “data_size”: null, “description”: “Provider in the draft beer service industry, specializing in the installation of high-quality systems and beer line”, “discovered”: “2026-07-03T10:58:15.341474+00:00”, “domain”: “acbeverage.com”, “group”: “pear”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-07-03T10:57:51”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/0390d472241a609ce05f9b0f2473ce9c.png”, “url”: “https:\/\/www.ransomware.live\/id\/QUMgQmV2ZXJhZ2UsIEluYy5AcGVhcg==”, “victim”: “AC Beverage, Inc.” }, { “activity”: “Manufacturing”, “attackdate”: “2026-06-30T00:00:00+00:00”, “claim_url”: “http:\/\/pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion\/Companies\/cnw”, “country”: “SG”, “data_size”: null, “description”: “Providing complete wire harness solutions, from design to manufacturing”, “discovered”: “2026-07-03T10:57:31.915805+00:00”, “domain”: “cnw.com.sg”, “group”: “pear”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 1, “update”: “2026-07-03T10:57:04”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/a536cd5cc30ffc3ff69bf9308400c3ff.png”, “url”: “https:\/\/www.ransomware.live\/id\/Q05XIEVsZWN0cm9uaWNzIFB0ZSBMdGRAcGVhcg==”, “victim”: “CNW Electronics Pte Ltd” }, { “activity”: “Healthcare”, “attackdate”: “2026-06-30T00:00:00+00:00”, “claim_url”: “http:\/\/u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion\/blog\/primed-halberstadt-medizintechnik-b278bad0”, “country”: “DE”, “data_size”: null, “description”: “[manufacturer] *** GmbH \u2014 a German manufacturer of medical devices founded in 1946 and now part of the PE-backed PP Medtech group (Wiesmann & Co. KG).\n\nThe exfiltration captured four entire server volumes:\n\nDaten (883 GB) \u2014 File server: 289 employee home directories (547 GB), Czech subsidiary data (66 GB), production processes (162 GB), machine configurations (81 GB)\nEE (807 GB) \u2014 Enterprise system: Apollo ERP, VBANK banking (8 accounts), complete database backup (100.6 GB, dated June 3), product images\nWINDVSW1 (344 GB) \u2014 Windows server: DATEV accounting (115+ data directories including LODAS payroll), bank transfers, DMS exports\ndmsscan (12 GB) \u2014 Scanned documents from 51+ employee DMS mailboxes\nA database backup (spiel.zip.001\u2013010, 100.6 GB) was created on 2026-06-03”, “discovered”: “2026-06-30T19:51:25.102363+00:00”, “domain”: “Primed Halberstadt Medizintechnik”, “group”: “aurora”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/efce6e3e56e2413a3a967370b4de9eeb.png”, “url”: “https:\/\/www.ransomware.live\/id\/UHJpbWVkIEhhbGJlcnN0YWR0IE1lZGl6aW50ZWNobmlrQGF1cm9yYQ==”, “victim”: “Primed Halberstadt Medizintechnik” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Todd, Hamaker & Johnson, LLP is a professional tax and accounting firm based in Lufkin, Texas, \ndedicated to providing personalized services to both individuals and businesses. The firm offer\ns a comprehensive range of services including tax, accounting, audit, and financial guidance.\n\nWe will upload 40gb of corporate data soon. Lots of client and employee personal information (p\nassports, SSNs, DLs and other information), detailed financials, client financials and other co\nnfidential client docs, contracts and agreements, etc.\n”, “discovered”: “2026-06-30T12:20:38.168704+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QWJvdXQgVG9kZCBIYW1ha2VyICYgSm9obnNvbkBha2lyYQ==”, “victim”: “About Todd Hamaker & Johnson” }, { “activity”: “Business Services”, “attackdate”: “2026-06-30T00:00:00+00:00”, “claim_url”: “”, “country”: “”, “data_size”: null, “description”: “Advanced Business Systems, Inc. is a locally owned business serving the Quad Cities area, speci\nalizing in a wide range of office products and solutions including copiers, printers, IT servic\nes, phone systems, and furniture.\n\nWe will upload 31gb of corporate data soon. Employee personal information (88 SSNs, passports a\nnd other docs), NDA, projects, contracts and agreements, customer information and so on.\n”, “discovered”: “2026-06-30T11:50:46.286253+00:00”, “domain”: “”, “group”: “akira”, “infostealer”: “”, “press”: null, “ransom”: null, “screenshot”: “”, “url”: “https:\/\/www.ransomware.live\/id\/QWR2YW5jZWQgQnVzaW5lc3MgU3lzdGVtc0Bha2lyYQ==”, “victim”: “Advanced Business Systems” }, { “activity”: “Business Services”, “attackdate”: “2026-06-29T21:51:12.613222+00:00”, “claim_url”: “http:\/\/threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion\/detail\/hbjxpv62a0rbya0it1utlvfs88jux1”, “country”: “GB”, “data_size”: null, “description”: “Guardian Barrier Services provides a wide range of products and services for events, including crowd control barriers, cable ramps, truss structures, and temporary flooring. Their experienced team supports clients from the planning stage to the ex”, “discovered”: “2026-06-29T21:51:33.683981+00:00”, “domain”: “guardianbarrierservices.com”, “group”: “threeam”, “infostealer”: { “employees”: 0, “employees_url”: 0, “infostealer_stats”: [], “last_employee_compromised”: null, “last_user_compromised”: null, “thirdparties”: 0, “update”: “2026-06-29T21:51:12”, “users”: 0, “users_url”: 0 }, “press”: null, “ransom”: null, “screenshot”: “https:\/\/images.ransomware.live\/victims\/d9aa8e91fba5dbb7af1f9f48636eee82.png”, “url”: “https:\/\/www.ransomware.live\/id\/Z3VhcmRpYW5iYXJyaWVyc2VydmljZXMuY29tQHRocmVlYW0=”, “victim”: “guardianbarrierservices.com” } ]