Fr Express, an Internet Service Provider (ISP) based in Bangladesh, has allegedly been compromised, with sensitive operational data leaked on a dark web forum. The breach was announced in November 2025 by a threat actor who claimed to have exfiltrated the company’s internal source code and databases. The leaked data structure appears to confirm the use of the “ABillS” billing system, a common platform for ISPs, alongside various administrative and operational modules.
According to the actor and the file structure provided, the compromised data includes:
-
Source Code: Complete directory trees for the ISP’s billing and management systems.
-
Billing System Data: Files related to “Abills,” including administrator and user controllers.
-
API Configurations: Extensive API directories, including “swagger” schemas and administrative paths.
-
Databases: References to “MySql” and “DbaSql” data, potentially containing customer or operational records.
-
Mail & SMTP Configs: Directories for mail templates and configurations.
-
Network & Equipment Tools: Modules for managing equipment (e.g., Mikrotik, GPON), IP address blocks, and monitoring tools.
-
Payment System Integrations: Directories related to “Paysys” and various payment gateways.












