Ransomware Group: DEVMAN

VICTIM NAME: DHL THAILAND

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to DHL Thailand, a key player in the transportation and logistics industry in Thailand. The compromise was publicly disclosed on June 2, 2025. The leak includes information related to the incident, but specific details about the attack methodology or affected systems are not provided. The threat actors have claimed responsibility through a dedicated leak page hosted on a dark web platform. The page features various screenshots, which may include internal documents or system interfaces, though these are not detailed here. The incident appears to involve significant data exposure, potentially impacting operational security and customer information.

The threat group behind this attack is identified as “devman,” and they have targeted a major logistics company with a focus on disrupting operations in the region. The attackers have released details about the data stolen, which includes information from multiple infostealer families, such as Raccoon, RedLine, and others, indicating extensive data exfiltration. The leak also provides statistics on the number of compromised employees and third-party entities, suggesting a wide scope of data impact. Download links or data leak evidence appear to be available, although specific files are not disclosed here. This incident underscores ongoing cyber threats against critical supply chain infrastructure in Southeast Asia.