Ransomware victim disclosure
← All victimsFederal Auto Holdings Berhad
Claimed by Obscura · listed 9 months ago
Status timeline
- ListedOct 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Obscura
- Status
- Data leaked
- Country
- Malaysia
- Sector
- Transportation/Logistics
- Listed on leak site
- Oct 29, 2025
- Data size
- 6 GB
- Ransom demanded
- $41.8K
- Estimated revenue
- $41.8
About the victim
AI dossier — public-source company profileFederal Auto Holdings Berhad is a Malaysian automotive group operating vehicle dealerships and related automotive services. The company is listed or registered in Malaysia ('Berhad' denotes a Malaysian public limited company) and is involved in the sale, distribution, or servicing of automobiles. Specific operational scale and founding date are not confirmed from available sources.
- Industry
- Automotive Retail & Dealerships
- Employees
- 201-500
Attack summary
Severity: high — 6 GB of data has been exfiltrated and published/pending publication from a publicly-listed Malaysian automotive holding company, likely containing financial records, business data, and potentially customer PII. The confirmed exfiltration and data_published status elevate this beyond medium severity.The group 'obscura' claims to have exfiltrated approximately 6 GB of data from Federal Auto Holdings Berhad, with the disclosure status listed as 'data_published' and a countdown timer suggesting imminent or active publication. No explicit mention of encryption is made in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate financial records
- Business operational data
- Potentially customer records
- Internal company documents
What the group claims
Revenue: $41.8kk | Leak Size: 6 GB | Status: Pending | Time Left: 7d 18h 57m 21s
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

