Ransomware Group: NIGHTSPIRE

VICTIM NAME: Petroquim Chile

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Petroquim Chile, an entity operating within the energy sector in Chile. The attack was publicly disclosed on June 10, 2025, with the compromise date being June 9, 2025. The incident involved the exfiltration of approximately 70 GB of data. The leak page does not contain specific information about the type of data compromised or the methods used in the attack, but it suggests a significant breach affecting the company’s operations or confidential information. The page may include visual evidence such as screenshots of compromised data or internal documents, although none are provided or publicly available at this time.

There is no publicly available information about individual employee details, third-party involvement, or specific data leaks beyond the stated data size. The attackers, identified as part of the group “nightspire,” have publicly acknowledged the breach without issuing a ransom demand. The leak appears to target sensitive corporate information, potentially impacting the company’s operational integrity within the energy industry in Chile. No additional press releases or threat details have been disclosed, and the incident remains under investigation. The publicly accessible URL links to a platform that archives ransom campaigns, indicating this breach is part of ongoing cybercriminal activity targeting critical infrastructure sectors.