Ransomware Group: NIGHTSPIRE

VICTIM NAME: Ingonyama Trust Board

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the Ingonyama Trust Board, an organization operating within the public sector in South Africa. The attack date is recorded as June 1, 2025, indicating when the compromise occurred. The breach involved approximately 30 GB of data, which has been leaked publicly on the dark web. The leak includes sensitive data that has been compromised by the Threat Group known as Nightspire. The victims’ publicly available domain is ingonyamatrust.org.za, and the breach was discovered a few days after the attack, on June 6, 2025. Evidence suggests that there are no indication of employee or third-party data being accessed or stolen during this incident. The leak comprises data relevant to the organization’s administrative and operational activities, potentially including internal documents and other organizational information.

The compromised information appears to include internal data and possibly documents related to organizational activities. Screenshots referenced in the leak hint at internal documents or system interfaces, although no explicit images are available to verify further details. The leak does not specify any PII or sensitive employee or third-party data, and the incident seems targeted at organizational information rather than individual records. The publicly available details do not indicate any personal identifiers or confidential data that could directly harm individuals. The breach’s technical details, including the size of the leaked dataset, point to a significant data exfiltration associated with the threat actor group Nightspire, known for targeting public institutions for ransomware extortion.