Ransomware Group: DRAGONFORCE

VICTIM NAME: Setpoint Systems

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Setpoint Systems, a US-based company specializing in automation integration and manufacturing equipment. The breach was discovered on April 16, 2025, while the attack is dated April 15, 2025. The leak involves sensitive information related to the company’s technological and operational data, although specific PII or confidential details have been redacted to protect privacy. The page features a screenshot illustrating some internal documents or system interfaces, emphasizing the seriousness of the breach. The leak is associated with the threat group “dragonforce” and includes indications of data exfiltration, such as the presence of download links and references to stolen data. No specific details about the compromised data contents are provided but access points seem to include several internal files or information repositories.

Setpoint Systems is renowned for its automated manufacturing solutions within the industrial sector, employing methodologies designed to enhance productivity and quality. The hacking incident suggests an attack aimed at disrupting operations or extracting valuable technological data. The leak page underscores the threat group’s capabilities and intent to expose or monetize the stolen information. The publicly shared screenshot adds visual evidence of the breach, potentially showing internal dashboards or proprietary diagrams. While no personally identifiable information or customer data is explicitly mentioned, the incident highlights the importance of cybersecurity measures for companies operating in the technology and manufacturing sectors. The attack’s timing and the leak’s contents indicate a targeted effort to undermine the company’s operational security.