Ransomware Group: NIGHTSPIRE

VICTIM NAME: Ecoinside

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a cybersecurity incident involving a company based in Portugal, identified as Ecoinside. The attack was publicly disclosed on May 22, 2025, with the compromise date listed as May 21, 2025. The breach resulted in a substantial data exfiltration, with approximately 127 gigabytes of data reported as leaked. The incident was orchestrated by the threat group known as Nightspire. The leak includes information related to infostealer activity, notably involving the Lumma malware, and affects third-party domains linked to the victim. Screenshots or specific data samples are not included publicly, but the leak’s presence indicates potential exposure of sensitive information.

The leak site notes that there are no publicly visible employee details or direct contact information available. The incident involves malicious actors targeting the company’s digital infrastructure, possibly including data theft and extortion strategies. Additional technical details reveal that at least one user account was involved in the attack, and multiple third-party domains associated with the victim have been impacted. The victim operates within an unspecified activity domain, and the leak emphasizes risks associated with the compromise of proprietary data and internal information stored on the compromised network. No explicit mention is made of the specific types of data leaked, but the quantities and scope suggest serious implications for the targeted organization.

The leak site indicates a significant data breach affecting the Portuguese-based company, with around 127 GB of data leaked by the threat group Nightspire. The incident includes details of malware activity involving the Lumma infostealer and impact on multiple third-party domains. The breach exposes potential risks for sensitive corporate information, emphasizing the importance of cybersecurity measures and rapid incident response to mitigate such threats.