Ransomware Group: TEAMXXX

VICTIM NAME: Scania[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the TEAMXXX Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Scania, a prominent Swedish company specializing in the manufacture of heavy trucks, buses, and industrial diesel engines. The attack was publicly disclosed on August 3, 2025, and the discovery of the leak was reported a day later on August 4, 2025. The incident involves cybercriminals associated with a group identified as “teamxxx.” The leak includes a screenshot illustrating the compromised data, highlighting the severity of the breach. Although specific details of the data stolen are not disclosed, the leak indicates that sensitive information related to the company’s operations might have been accessed or exfiltrated. The leak has generated concern within the transportation and industrial sectors, particularly given the company’s global footprint and its emphasis on sustainability and innovative transportation solutions.

This incident underscores the ongoing cyber threats faced by large industrial manufacturers and transportation firms. The leak page provides a claim URL on the dark web, suggesting that the perpetrators are asserting they have access to proprietary or confidential information. While no explicit details about the compromised data are provided, the inclusion of a screenshot hints at the potential disclosure of internal documents or sensitive communications. The attack’s timing and the public availability of the leak serve as cautionary indicators for the importance of robust cybersecurity measures within industrial and transportation sectors, especially for companies operating across multiple international markets.