
An investigation into the Aur0ra ransomware incident affecting ALS Global. We break down the risks associated with the exfiltrated administrative and financial data.


If your team may be exposed to a similar threat, FemtoSec can help validate blast radius, prioritize remediation, and connect the issue to a practical security program.
KTR Real Estate Advisors has suffered a significant data compromise, with 206 GB of financial records and proprietary architectural data exfiltrated by the ANUBIS ransomware group.

June 23, 2026
Corporación Primax S.A., Peru's prominent energy and fuel distributor, has been targeted by the Aur0ra ransomware syndicate. The attackers claim to have stolen sensitive operational files, databases, and customer records, demonstrating a dangerous trend in stealthy, non-renaming encryption methods.

June 27, 2026
The Redact ransomware group, an extortion-only offshoot linked to UNC6671, has targeted FCCI Insurance Group, stealing 145 GB of corporate data. The group bypassed multi-factor authentication by utilizing advanced voice phishing (vishing) and session hijacking to execute automated cloud-to-cloud data extraction.
Onion URL
http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/als-global-26ffdd79
The Aur0ra ransomware group has claimed responsibility for a security breach targeting ALS Global, an organization operating within the international trade and development sector. According to the group's communications, the breach resulted in the exfiltration of a significant volume of organizational data. This includes administrator password files, a 1Password emergency kit, banking details, salary negotiation documentation, and various certificate files. The threat actors have signaled their intent to publish this sensitive information within a short timeframe, presenting an immediate risk of secondary exploitation and long-term damage to organizational integrity.
The exfiltration of administrator password files and a 1Password emergency kit represents a worst-case scenario for internal security. When attackers gain access to privileged identity stores, they move from being external threats to having the equivalent of 'keys to the kingdom.' This level of access typically enables the threat actor to bypass existing authentication boundaries, create persistent backdoors, and facilitate lateral movement across the enterprise network.
For any enterprise, protecting the identity perimeter is the first line of defense. If your organization is facing similar challenges, our Penetration Testing can help identify gaps in your identity and access management architecture before a breach occurs.
Free exposure check
Dark Web Scanner
check dark web mentions, compromised account indicators, malware log signals, public breach exposure, and recent underground market activity for your domain.
The exposure of salary documentation and bank account details adds a layer of operational and regulatory risk. Beyond the immediate ransomware threat, the leakage of such PII (Personally Identifiable Information) and financial records can lead to severe compliance violations under international standards. Moreover, the presence of certificate files suggests that the attackers may be able to masquerade as the organization in digital communications or bypass secure communication protocols.
To mitigate the risk of such massive data exposure, organizations must adopt a proactive, offensive-security mindset. This involves moving beyond reactive patching toward a model of continuous validation. Our Attack Surface Management solutions are designed to uncover exposed infrastructure assets that attackers might target to gain an initial foothold.
When an incident of this magnitude occurs, immediate identity rotation is paramount. Every credential mentioned in the stolen files must be treated as compromised. Furthermore, organizations should conduct a forensic review of logs to determine the initial access vector. Was it a vulnerable edge device? A misconfigured cloud bucket? Or perhaps a social engineering attack? Understanding the root cause is essential to ensure that the same vulnerability is not re-exploited.
FemtoSec provides a specialized operating model for enterprises seeking to harden their defenses. By leveraging deep expertise in offensive security, we help you align your compliance posture with operational security requirements, ensuring your business remains resilient against evolving ransomware tactics.