Ransomware Group: SAFEPAY

VICTIM NAME: codesco[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a technology company operating under the domain “codesco.com”. The attack was publicly disclosed on June 14, 2025, indicating a recent compromise. The company’s primary activities involve developing advanced software solutions across various industries, emphasizing innovation, efficiency, and problem-solving. Despite their technological focus, the attack was carried out by a group affiliated with “safepay,” showcasing the threat posed to service providers in the technology sector. The incident involved the deployment of an infostealer malware named “RedLine,” which has compromised data of four users associated with the company. The threat actors have provided a screenshot of the company’s website in the leak, highlighting the breach’s informational content without revealing sensitive details.

The leak page indicates the attacker was able to access some internal data, possibly including employee or client information, although no specific PII is presented in the available details. No additional compromise dates or sensitive personally identifiable information are disclosed, maintaining a focus on the technical breach aspect. The publication includes a link to a claim URL, which likely provides further details or download options for leaked data, but such content remains unspecified here. The presentation of this incident underscores the importance of cybersecurity vigilance for technology firms dealing with proprietary and client data. The screenshot suggests the attacker aimed to demonstrate their access or damage, possibly as part of a broader extortion or awareness campaign.