Ransomware Group: DEVMAN

VICTIM NAME: netstar[.]co[.]za

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DEVMAN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware incident involving the victim domain, netstar.co.za, was discovered on May 23, 2025. The attack resulted in the encryption of all files on the compromised system, with an estimated ransom demand of approximately 1.2 million USD. The targeted entity operates within the technology sector and is based in South Africa. The attack group responsible is identified as “devman,” and their activity indicates a sophisticated operation involving multiple malware tools and infostealers. The breach affected a relatively small workforce of 17 employees, with numerous associated third-party domains and a significant volume of stolen data, including sensitive user information.

The compromised data appears to include information from various infostealer family malware such as Lumma, Raccoon, and RedLine, which are known for exfiltrating confidential user and system data. The attackers have also listed details about multiple infostealers used in the attack, hinting at a complex and layered intrusion method. The incident’s technical details indicate extensive data exfiltration, with the attackers possibly targeting corporate and user information stored in the victim’s network. The page includes no visible screenshots or specific leaked files but provides a link to a public leak site for further information. The incident underscores the ongoing threat posed by cybercriminal groups targeting technology companies for financial gains through sophisticated ransomware and data theft campaigns.