Ransomware Group: THREEAM

VICTIM NAME: leonardo[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the THREEAM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with the victim identified as Leonardo, a well-known global aerospace, defense, and security company, details a significant data breach affecting their operations. Established in 1948 and headquartered in Rome, Italy, Leonardo specializes in advanced technologies, including helicopters, security electronics, aeronautics, and space defense systems. The leak indicates that critical information concerning both users and third-party entities has been compromised, emphasizing potential vulnerabilities within the company’s systems and data management processes.

According to the extracted information, the ransomware group’s name is threeam, and they have disclosed data regarding 39 users and 62 third-party entities. Although specific data related to individuals is not mentioned, the presence of such statistics highlights the serious implications of this breach. The leak page was discovered and published on February 13, 2025, indicating a timely awareness and potential response needed from the affected organization to mitigate risks. It is important for Leonardo to assess the consequences of this incident, enhance their cybersecurity measures, and communicate with relevant stakeholders regarding the potential impact of this breach.