Ransomware Group: SPACEBEARS

VICTIM NAME: Panorama

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SPACEBEARS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Panorama is identified as the victim in a leak post attributed to the threat group spacebears. The page is dated 2025-08-16 and presents a data-leak scenario rather than a system encryption event, claiming that sensitive data was exfiltrated from Panorama’s network. The attackers enumerate data categories they allege to have stolen, including a database, financial documents, and personal information of employees and clients. The content also incorporates marketing material tied to Panorama’s real estate activities, mentioning a property portal at panorama1[.]net, and it notes a downloadable file with a 2024 date, accompanied by a single access link. The post shows three image attachments—hosted on onion domains—and frames the incident as a data leak rather than an encryption incident. No ransom amount is provided within the available data.

Metadata accompanying the leak page indicates 905 views and a post date of 2025-08-16. The page includes three image attachments and one download link; the images are hosted on onion domains, and the download appears to be a file associated with 2024. The leak page explicitly mentions “Database,” “Financial documents,” and “Personal information of employees and clients” as data categories purportedly compromised, although PII is redacted in this summary. The post also references a real estate portal and promotional content, but no explicit encryption details or ransom figures are present in the supplied data. URLs are defanged in this summary, and any non-English phrases have been translated to neutral English while preserving context.