Ransomware Group: CRYPTO24

VICTIM NAME: Tan Chong Motor Holdings Berhad

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CRYPTO24 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Tan Chong Motor Holdings Berhad, a manufacturing company based in Malaysia. The attack was detected on July 16, 2025, approximately a week after the compromise date of July 9, 2025. The attackers claim to have exfiltrated over 300GB of sensitive data, including extensive customer databases, legal and human resources documents, financial records, and contractual agreements with various partners and clients. The intercepted data appears to include confidential internal documents, which could have significant implications for the company’s operations and reputation. The breach highlights serious security vulnerabilities, especially considering the volume and sensitivity of the leaked information.

The incident involves a substantial cyber threat, with multiple malware families identified in the attack, including various infostealers such as RedLine, Lumma, and Raccoon, among others. The attackers have also accessed a wide network of third-party domains, indicating a potentially complex attack surface. The leak page includes mention of screenshots of internal documents and information about ongoing malicious activity. Despite the absence of publicly available direct download links, the leak signifies the exposure of highly sensitive and proprietary data. The company’s manufacturing sector, with around nine employees involved in handling or potentially affected by the breach, underscores the targeted nature of this cyber attack. No additional press statements or disclosures are available at this time.