Ransomware Group: STORMOUS

VICTIM NAME: French Gov 2025

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the STORMOUS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak, attributed to the threat group Stormous, involves a significant data breach targeting the French government. The compromised data includes full email addresses and password hashes from several high-profile government organizations in France, such as Carsat, Finance, Retraite, and IGAS. The breach was discovered on May 23, 2025, and the data leak appears to encompass a substantial amount of information, although the exact size of the data remains unspecified. The leak is publicly accessible through a dedicated dark web claim URL, which is provided for verification purposes. The victim’s sector is the public sector, emphasizing the sensitivity and potential impact of this breach on governmental operations and citizen data security.

The ransomware group Stormous has shared a screenshot associated with this attack, which depicts internal documents or data portals, suggesting the scale and severity of the breach. The leak includes sensitive information that could be exploited for further malicious activities, though specific details of the data contents are not disclosed in this summary. The breach underscores the ongoing threats faced by governmental institutions from organized cybercriminal groups, especially those involved in data exfiltration and extortion campaigns. Additional information indicates that the leaked data potentially includes multiple high-importance government domains, which makes this incident particularly noteworthy for national cybersecurity efforts.