Ransomware Group: STORMOUS

VICTIM NAME: hy-vee[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the STORMOUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak involves a major player in the agriculture and food production industry, specifically targeting the domain hy-vee.com. The breach was discovered on June 23, 2025, and includes the unauthorized access and extraction of a substantial volume of internal data, totaling approximately 53GB. Attackers gained access through compromised accounts on Atlassian’s collaboration tools, such as Confluence and Jira, which facilitated infiltration into the company’s internal environment. The leaked data comprises internal documents, infrastructure diagrams, employee information, training materials, and technical details about various operational systems. The breach underscores significant vulnerabilities in the company’s data security protocols and poses potential risks related to sensitive corporate information.

The hackers, associated with the group Stormous, have publicly released a link to access the stolen data on their dark web portal. The leaked files include technical intelligence that could be exploited for further attacks, as well as employee data affecting nearly 100 staff members. Multiple malware infostealer tools, such as RedLine, Raccoon, and others, have been identified as part of the attack payloads used for data theft. The leak also features a screenshot of internal documents or systems, highlighting the severity of the breach. Due to the nature of the stolen material, the incident could have broad implications for the victim’s operational security and customer trust.