Ransomware victim disclosure
← All victimsARM
Claimed by D1R · listed 2 days ago
Status timeline
- ListedJul 13, 2026
- Data leakeddate unknown
At a glance
- Group
- D1R
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Technology
- Listed on leak site
- Jul 13, 2026
About the victim
AI dossier — public-source company profileArm is a global semiconductor and intellectual property (IP) licensing company headquartered in the United Kingdom. It designs processor architectures and tools used across cloud computing, AI, mobile devices, automotive, and embedded systems, operating under a licensing business model rather than manufacturing.
- Industry
- Semiconductor & IP Licensing
Attack summary
Severity: high — Confirmed exfiltration of internal tools and certificates that enable bypass of multi-factor authentication on Arm's primary distribution infrastructure. This compromises the integrity of software supply chains for multiple downstream companies relying on Arm IP and tools. The attack undermines security controls protecting sensitive IP licensing and deployment workflows.D1R claims access to an Arm facility via credentials obtained from a Synopsys data breach. The group extracted the 'Athena Download Manager' tool, which uses an SSL certificate to bypass Arm's multi-factor authentication (email/SMS 2FA) controls on file downloads from arm.com.
Data the group says was taken
AI dossier — extracted from the leak post- Athena Download Manager tool
- SSL certificates for Arm product companies
- Internal deployment/access tooling
What the group claims
Thanks to leaked database by Synopsys, a roadmap was provided Many other group leaks were cross-referenced and thoroughly analyzed One of the leaked companies gave our team access to ARM center Severely incapacitated by 2FA email/sms-code required by ARM on every step, we were still able to download an interesting tool: Athena Download Manager That requires an SSL certificate of a company that owns ARM products, and downloading by means of Athena allows to bypass multiple 2FA checks that are required when downloading same files from www.arm.com This is now free for download to any reverse engineer on Earth and beyond, thanks to Synopsys company data negligence:
Sources
- Victim sitearm.com
Source
Indexed 2 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

