Ransomware victim disclosure
← All victimsShimao Group (世茂集团)
listed as www.shimaogroup.com · Claimed by Devman · listed 10 months ago
Status timeline
- ListedSep 15, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- China
- Sector
- Construction
- Listed on leak site
- Sep 15, 2025
About the victim
AI dossier — public-source company profileShimao Group (世茂集团) is a large-scale, internationally oriented Chinese conglomerate headquartered in Shanghai, founded in 1989. It operates two publicly listed entities — Shimao Property Holdings (00813.HK) and Shimao Co. (600823.SH) — with total assets of approximately RMB 416 billion and saleable resources exceeding RMB 1.05 trillion. Its diversified business spans real estate development, commercial operations, hotel management, theme entertainment, property services, finance, education, and high-tech investment across more than 100 cities globally.
- Industry
- Real Estate Development & Diversified Property Investment
- Address
- Shanghai World Shimao Building (上海世茂大厦), Shanghai, China
- Founded
- 1989
Attack summary
Severity: high — Data is reported as published ('data_published') by the threat actor against a major publicly listed Chinese conglomerate with hundreds of billions in assets, implying significant business data exfiltration. The scale and public listing status of the company elevate the impact, though no specific regulated PII volume or critical infrastructure disruption is confirmed.The group 'devman' claims an attack on Shimao Group, with the leak post indicating a ransom demand of USD 91,000,000 and a disclosed status of 'data_published', suggesting data has been exfiltrated and published. No specific data volume or file count was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate financial records
- Investor relations documents
- Employee personal data
- Business strategy documents
- Real estate project data
- Hotel and hospitality operations data
- Partner and contractor records
What the group claims
91000000 USD
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

