Ransomware Group: NIGHTSPIRE

VICTIM NAME: Tan Logistics in Turkey

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Tan Logistics, a company operating within the transportation and logistics sector in Turkey. The breach was publicly disclosed on May 26, 2025, with the attack having occurred a few days earlier on May 23, 2025. The compromised data includes approximately 200 GB of information, indicating a significant data breach. Although specific details of the leaked data are not provided, the sizable volume suggests sensitive operational information may have been exposed. The page does not contain direct download links or visible evidence of data leaks such as screenshots or documents. The incident highlights the ongoing threat to logistics companies in the region, emphasizing the importance of cybersecurity measures for protecting critical business data. The website linked to the victim’s domain is provided, but no additional files or images are referenced or available. As the attack details are limited, organizations are advised to review their security protocols accordingly.

The breach involved a threat actor group known as ‘nightspire’, which is associated with targeted ransomware operations. The attack’s date suggests the incident was recent, and the large amount of data stolen indicates a potentially disruptive event for Tan Logistics. The company’s operations in Turkey underscore the regional impact of the cyber incident, especially given the strategic importance of logistics companies to national infrastructure. No further sensitive or personally identifiable information is explicitly disclosed on the leak page. The absence of visual evidence or direct leaks signifies either a limited leak or an initial announcement before detailed data publication. Organizations in the transportation sector should remain vigilant, ensuring their cybersecurity measures are robust to prevent similar attacks in the future.