[APOS] – Ransomware Victim: infraestructures[.]cat


Ransomware Group: APOS

VICTIM NAME: infraestructures[.]cat

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the APOS Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

The ransomware group claims to have compromised the primary server infrastructure of the organization operating the domain infraestructures.cat, located in Spain. They have obtained a complete copy of the data stored on the affected systems and are warning that they will leak this information within 15 days unless the issue is resolved through their dedicated support portal. The message sent by the attackers emphasizes urgency and threatens potential data exposure, which could include sensitive organizational information.

The attackers provide details about their toolset, indicating the use of multiple infostealers such as Azorult, Lumma, RedLine, StealC, and Vidar, which suggests ongoing data harvesting activities involving the compromised infrastructure. They mention that the attack involved a small team of seven employees, along with additional third parties. Although no specific technical payloads or ransom demands are disclosed, the message highlights the seriousness of the breach and the group’s confidence in their control of the situation. No images or screenshots are present on the page, but the text indicates that sensitive organizational data has been exfiltrated and will likely be leaked unless remedial actions are taken immediately.

The victim organization’s activity sector is unspecified, but the attack’s details suggest it is a critical infrastructure or service provider based in Spain. The message underscores the threat to the organization’s operations and data security, warning stakeholders to act quickly to prevent public exposure of confidential information. The page does not include compromised personal data or explicit sensitive documentation, focusing instead on the threat itself and the organization’s vulnerability.

