Ransomware Group: DEVMAN

VICTIM NAME: China Harbour Engeneiring Company

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to China Harbour Engineering Company, a construction industry firm based in China. The attack date is recorded as April 20, 2025, and the incident involves a significant data compromise. According to available details, the attackers claimed to have encrypted all network devices and exfiltrated approximately 50 gigabytes of sensitive data. The ransom amount demanded was approximately 450,000 USD. The incident was discovered shortly after the attack, indicating rapid detection. The leak page does not include specific download links or images, but it emphasizes the extent of encryption and data theft involved, highlighting the breach’s severity and potential impact on operations.

The leak documentation mentions that the attack affected multiple devices across the network, with attackers claiming to have hidden encrypted signs across the compromised infrastructure. The activity is associated with a threat group named “devman.” Due to the sensitive nature of the information stolen and encrypted, the company faces significant operational and reputational risks. The description of the incident underscores the importance of robust cybersecurity measures, especially in critical infrastructure sectors such as construction. No personal identifiable information or specific technical details are disclosed publicly, aligning with safeguarding confidentiality while informing about the breach’s impact.