Ransomware Group: PLAY

VICTIM NAME: FLOE Internationa

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a manufacturing company, identified as FLOE International, that was targeted in an attack discovered on June 2, 2025. The incident involves a data breach resulting from a cyber attack that took place in mid-2025. The targeted organization is based in the United States and operates within the manufacturing sector. The compromised system included sensitive internal information, as depicted in the available screenshot, which shows internal documents or data. The attack date is specifically noted as June 2, 2025, with the leak being publicly disclosed shortly thereafter. The leak page contains download links to what appears to be confidential files, indicating a significant data exfiltration event. The website offers evidence of a successful cyberattack, emphasizing the severity of the breach and potential impact on the company’s operations.

The leak page is associated with a group known as “play” and features a claim URL hosted on the dark web, suggesting that the attacker is leveraging anonymity services to distribute the stolen data. Despite the absence of specific victim details beyond the company’s name and sector, the presence of internal screenshots and downloadable data highlights the seriousness of the breach. No personally identifiable information or sensitive individual data are disclosed publicly in the leak summary. The attack’s timing and the release of the data indicate a deliberate effort to pressure the organization or monetize the stolen information. This incident underscores the ongoing risks faced by manufacturing entities and the importance of robust cybersecurity measures to prevent such breaches.