Ransomware Group: DIREWOLF

VICTIM NAME: ksubsea-group

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DIREWOLF Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 14, 2025, the leak post associated with the threat actor direwolf concerns the victim “ksubsea-group.” The record lists Norway (NO) as the country, but the industry field is not disclosed. The timestamp provided is 2025-08-14 14:19:49.080976, and in the absence of a separate compromise date, this timestamp is treated as the post date. The post identifies ksubsea-group as a ransomware victim and includes a claim URL (defanged) for further information or negotiation. The available data does not specify whether the incident is described as an encryption event, a data leak, or both, nor does it include any stated ransom amount.

According to the data, there are no screenshots or other images attached to the leak page, with images_count listed as 0 and downloads_present as false. The annotations show no images or links, and the description field appears to be an AI-generated placeholder with minimal context. Because the dataset provides no details on the nature of the compromised data, the type of impact, or the demanded payment, the summary cannot confirm the exact scope of the breach. Nonetheless, the post documents the attack as a listed leak notice tied to the victim and notes the existence of a ransom-claim path.