Ransomware Group: NIGHTSPIRE

VICTIM NAME: TeamLease

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NIGHTSPIRE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to an attack on TeamLease, a business services company based in India. The attack was discovered on May 22, 2025, and the incident is reported to have occurred on May 21, 2025. The hackers, identified as part of the group ‘nightspire,’ have claimed responsibility for the breach, which exposed approximately 100 gigabytes of data. The leak includes various stolen information and indicates a significant compromise of internal data. The breach affects multiple employees and third-party entities, demonstrating a substantial impact on the organization’s operational integrity. The disclosed data has been made available online, although specific download links are not provided in the summary.

The leak details the types of stolen information and malicious activities involved. Multiple information-stealing tools, such as Azorult, Raccoon, and RedLine, have been identified as part of the breach, indicating active data exfiltration and information theft. The attack impact involves over 7,000 users and 54 third-party entities, with their respective domains also affected. Visual evidence such as screenshots hints at the exposure of internal documents or sensitive data, although no explicit images are included here. The incident underscores the threat posed by ransomware gangs targeting enterprise clients in the business services sector and highlights the importance of robust cybersecurity measures.