worldleaks
Ransomware group profile
Description
WorldLeaks is a cyber threat group that emerged in January 2025 as a rebranding of Hunters International, focusing on a pure data extortion model instead of traditional ransomware. They have developed a comprehensive Extortion-as-a-Service (EaaS) platform that aids affiliates in data theft, adopting sophisticated techniques to evade detection and exert pressure on victims through reputational damage.
Key insights
- •WorldLeaks operates primarily through the exploitation of compromised VPN credentials lacking Multi-Factor Authentication (MFA).
- •The group has a unique four-platform infrastructure, which includes a data leak site and a victim negotiation portal.
- •They utilize living-off-the-land techniques and process injection to evade detection.
- •A notable method for initial access is the deployment of a custom rootkit called OVERSTEP on SonicWall SMA appliances.
- •Although primarily focused on data extortion, there are reports of encryption being used in some attacks.
- •WorldLeaks leverages a journalist portal to amplify reputational damage against victims, increasing pressure for compliance.
- •Their extortion model combines financial demands with threats of public data leaks to coerce victim organizations.
Threat Level & Status Breakdown
For worldleaks · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for worldleaks in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for worldleaks
- 94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
- c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for worldleaks
T1486
T1486
T1490
T1490
T1078
T1078
T1021
T1021
T1562
T1562
T1059
T1059
T1047
T1047
T1021.001
T1021.001
T1566.001
T1566.001
T1190
T1190
T1071.002
T1071.002
T1075
T1075
Victims(124)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Reliance Group | reliancegroupindia.com | IN India | Financial Services | Claimed | 9 days ago | |
| Tata Electronics | tataelectronics.com | IN India | Manufacturing | Claimed | 10 days ago | |
| First Federal Savings & Loan | firstwithus.com | US United States | Financial Services | Claimed | 10 days ago | |
| Centra Sota Cooperative | centrasota.com | US United States | Other | Claimed | 10 days ago | |
| M1xchange | m1xchange.com | IN India | Technology | Claimed | 10 days ago | |
| Apollo Pipes | apollopipes.com | IN India | Manufacturing | Claimed | 10 days ago | |
| GDL Transport | gdl.se | SE Sweden | Transportation | Claimed | 10 days ago | |
| Access Dental | accessdentalclinics.com | US United States | Healthcare | Claimed | 14 days ago | |
| United Auto Supply | unitedautosupply.com | US United States | Manufacturing | Claimed | 15 days ago | |
| CH Karnchang Public | ch-karnchang.co.th | TH Thailand | Other | Claimed | 15 days ago | |
| American Battery Factory | americanbatteryfactory.com | US United States | Manufacturing | Claimed | 22 days ago | |
| BMJ Paperpack | bmjpaperpack.com | ID Indonesia | Manufacturing | Claimed | 28 days ago | |
| Bestat Pharmaservices Corp. | bestat.com.tw | TW Taiwan | Healthcare | Claimed | about 1 month ago | |
| Peyton Law Firm | peytonlaw.com | US United States | Professional Services | Claimed | about 2 months ago | |
| Ceywater Consultants | ceywater.com | LK Sri Lanka | Professional Services | Claimed | about 2 months ago | |
| SMTA Sherwood Mutual Telephone Association | smta.cc | US United States | Technology | Claimed | about 2 months ago | |
| Mediaworks Kft | — | HU Hungary | Professional Services | Claimed | about 2 months ago | |
| DIME Distribuidora | — | BR Brazil | Retail & E-Commerce | Claimed | about 2 months ago | |
| Carma Packaging | — | IN India | Manufacturing | Claimed | about 2 months ago | |
| Intikom | — | ID Indonesia | Technology | Claimed | about 2 months ago |
Page 1 of 7
Affected countries(45)
Countries where this group has been reported to target or leak victims.