Dell confirms breach of test lab platform by World Leaks extortion group

Update 7/21/25: Added that World Leaks has now leaked some of the stolen data.
A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom.
Dell acknowledged the incident to BleepingComputer, confirming that the threat actor had breached its Customer Solution Centers platform, which is used to demonstrate Dell products and solutions to customers.
BleepingComputer asked Dell how the company was breached, but was told it would not share this information as the breach is still under investigation.
When asked about the ransom demand, Dell said it had nothing further to share.
World Leaks is a rebrand of the Hunters International ransomware, which shifted its focus away from file encryption toward pure data extortion.
Hunters International was launched in late 2023 as a ransomware operation and was flagged as a possible rebrand of Hive due to code similarities.
In January 2025, Hunters International rebranded as World Leaks, citing concerns that ransomware is risky and no longer profitable.
Instead, the threat actors now focus on stealing data in extortion attacks, utilizing a custom-made data exfiltration tool.
World Leaks affiliates are also linked to the recent exploitation of end-of-life SonicWall SMA 100 devices, where threat actors installed a custom OVERSTEP rootkit.
Yutaka Sejiyama, a threat researcher at Macnica, told BleepingComputer that 10 out of the 46 companies posted on World Leaks' data leak site had been using an SMA 100.
World Leaks publishes stolen data
After our story was published, World Leaks released samples of the stolen data, claiming to have exfiltrated 1.3 TB of data.

While BleepingComputer did not review all of the data, most of it appears to be configuration scripts, backups, and system data associated with various IT deployments on the platform.