Ransomware Group: DATACARRY

VICTIM NAME: Mammut Sports Group

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DATACARRY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page reports that Mammut Sports Group, a Swiss multinational specializing in outdoor mountaineering and trekking equipment, has been compromised. The attack was detected on May 26, 2025, and involved the exfiltration of sensitive data. The company, known for its high-quality outdoor gear and commitment to sustainability, appears to have experienced a significant data breach affecting its internal information. The leak includes details about numerous infostealers and third-party access points used in the attack, with data potentially relating to employees, customers, and business operations. No specific compromised files or PII are publicly disclosed in the leak summary, but the breach underscores the persistent cybersecurity risks faced by large corporations in the consumer services sector.

The leak page indicates that several malware strains, including Raccoon, RedLine, and Lumma, were involved in the breach and that information related to the attack comprises numerous stolen credentials and possibly internal documents. Although no direct links to download the stolen data are provided, the page suggests that attackers may have access to employee details, company communications, and other internal assets. The breach appears to involve the company’s online presence, as a website modification was noted shortly after the attack. Visual content such as screenshots or images relevant to the breach are not included; however, the presence of data exfiltration activities highlights ongoing cybersecurity challenges for the company, especially given its international footprint and sector.