The ransomware group known as Dire Wolf has allegedly added two major corporations from Southeast Asia to its list of victims. The group claims to have successfully breached a prominent Singaporean construction firm and a Malaysian investment group, threatening to leak a significant amount of sensitive data if their demands are not met. The twin attacks highlight the persistent and evolving threat that ransomware poses to businesses across various sectors in the region.
According to the group’s post on their dark web leak site, they have exfiltrated a combined total of over 370 GB of data from the two companies. Dire Wolf has set a deadline of August 30, 2025, for the full publication of the stolen documents, having already released sample files to substantiate their claims. The victims are allegedly:
- Kingsford Development & LEADBUILD Construction Pte Ltd: A Singapore-based civil engineering and construction company. The threat actors claim to have stolen 200 GB of data, including:
- Financial Data
- Sales Data
- Project Drawings
- HCK Capital Group: A Malaysian investment firm. The group alleges the theft of 173 GB of data, which purportedly contains a wide array of highly sensitive information such as:
- Legal Documents
- Financial Documents
- Customer Information
- Insurance and Business Contracts
- Bank Transactions and Statements
- Accounting and Audit Files
- Passport and Tax documents
- Employment Contracts
The nature of the allegedly stolen files, particularly from HCK Capital Group, which includes customer information, passports, and financial records, poses a severe risk of financial fraud and identity theft for the individuals and businesses involved. For Kingsford Development, the exposure of project drawings and financial data could compromise competitive advantages and corporate privacy. These incidents serve as a stark reminder for organizations to bolster their cybersecurity defenses against sophisticated ransomware operations.
