Ransomware victim disclosure
← All victimsNordstern Technologies
Claimed by Fulcrumsec · listed 2 months ago
Status timeline
- ListedMay 1, 2026
- Data leakeddate unknown
At a glance
- Group
- Fulcrumsec
- Status
- Data leaked
- Country
- Mexico
- Sector
- Technology
- Listed on leak site
- May 1, 2026
About the victim
AI dossier — public-source company profileNordstern Technologies is a Mexican cybersecurity company offering managed security operations (NSOC 24/7), incident response (DFIR), threat intelligence, PCI DSS compliance, privileged access management, and adversary simulation services. The company operates as a Google Cloud SecOps MSSP partner, serving clients primarily in Mexico. It provides both proactive and reactive cybersecurity services across multiple maturity levels.
- Industry
- Managed Security Services (MSSP) & Cybersecurity
Attack summary
Severity: high — The disclosed status is 'data_published', meaning data has reportedly been released publicly. The victim is a cybersecurity/MSSP provider, meaning any exfiltrated data could include sensitive client security configurations, threat intelligence, incident response records, and credentials — posing significant downstream risk to the victim's own customers beyond just the company itself.The group 'fulcrumsec' claims a data-published disclosure against Nordstern Technologies; the status indicates data has been published, though the leak post itself contains no specific details about encryption, exfiltration method, or the nature of the data exposed.
Original description
AI-summarised, not from the leak postN/A
The leak post
captured from the group's siteFulcrumSec Browse victim listings from our recent concept campaigns: Index of /Shame Coming Soon: The Hardcoded Horror Show SLOPOCALYPSE NOW [email protected] Session: 05dc2052b7a29d8661f30cbf0ae4f2093e8c85324a16867df5dd5c24f0364d8b27 Tox: 969F8BE40B09537CD2A5038B9DA4BADE71C5F35DD666CC0D7632A6812D7AF72626D422D22540
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

