Ransomware victim disclosure
← All victimsIPG Automotive GmbH
Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Malas
- Status
- Data leaked
- Country
- Germany
- Sector
- Technology
- Listed on leak site
- Apr 9, 2023
About the victim
AI dossier — public-source company profileIPG Automotive GmbH is a German company headquartered in Karlsruhe that develops simulation software, hardware solutions, and consulting services for virtual vehicle development and testing. Their flagship product, CarMaker, supports autonomous vehicle development, ADAS validation, powertrain testing, and vehicle dynamics across passenger cars, commercial vehicles, motorcycles, and defense applications. The company operates internationally with open house events across Germany, China, France, Japan, Korea, Sweden, and the UK.
- Industry
- Automotive Simulation Software & Virtual Vehicle Development
- Employees
- 201-500
Attack summary
Severity: high — Data has been confirmed as published (data_published status) following exploitation of a known Zimbra vulnerability, indicating successful exfiltration of potentially sensitive business and communications data from a specialized automotive simulation software company whose products are used in defense and autonomous vehicle development.The Malas ransomware group claims to have compromised IPG Automotive GmbH by exploiting a Zimbra vulnerability, with the disclosure status indicating data has been published. The post does not specify the volume of exfiltrated data but the breach involved exploitation of the company's mail server infrastructure.
Data the group says was taken
AI dossier — extracted from the leak post- Email communications (via Zimbra mail server)
- Potentially internal business documents
- Potentially employee or customer data
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

