Ransomware Group: LOCKBIT3

VICTIM NAME: aqhch[.]com[.]cn

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LOCKBIT3 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware threat targets the website of Heng Chang Machinery Co., Ltd (HCH), a well-established manufacturer specializing in production equipment for disposable hygiene products. The attack occurred on April 16, 2025, and was publicly disclosed shortly after, with the data breach confirmed on the same day. The leak includes sensitive information related to the company’s operations, highlighting the severity of the incident. The attackers, identified as part of the LockBit group, have published a claim link on their dark web portal, providing proof of the breach. The threat actor has shared a screenshot of the victim’s website, which shows internal system information, emphasizing the scale of the compromise.

The leak page features a visual screenshot capturing internal documents or system layouts, which indicates that critical business data was exposed. Although no specific Personally Identifiable Information (PII) or employee details are included, the public disclosure suggests potential operational disruption. The targeted company is based in China, with the compromised website hosting on the domain aqhch.com.cn. The attack’s public claim underscores the danger posed by ransomware groups in compromising industrial and manufacturing sectors, with the incident serving as a reminder of cybersecurity vulnerabilities faced by global manufacturers. No additional download links or data files are explicitly mentioned beyond the leak claim itself.