Ransomware victim disclosure
← All victimsSharjah Electricity, Water and Gas Authority
listed as shj.ae · Claimed by Apt73 · listed 3 months ago
Status timeline
- ListedApr 27, 2026
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- United Arab Emirates
- Listed on leak site
- Apr 27, 2026
About the victim
AI dossier — public-source company profileSharjah Electricity, Water and Gas Authority (SEWA) is a government-owned utility authority operating in Sharjah, United Arab Emirates. It is responsible for the supply and distribution of electricity, water, and gas services across the emirate of Sharjah. As a public authority, it serves residential, commercial, and industrial customers throughout the region.
- Industry
- Government-owned Utility (Electricity, Water & Gas)
- Address
- Sharjah, United Arab Emirates
Attack summary
Severity: critical — The victim is a government-owned critical infrastructure utility (electricity, water, and gas) serving an entire emirate; any confirmed data exfiltration or operational disruption of such an entity meets the critical threshold due to public safety implications, potential PII at scale, and critical infrastructure exposure.The group APT73 claims to have attacked Sharjah Electricity, Water and Gas Authority (SEWA), with the disclosure status indicating data has been published; no ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Government utility operational data
- Customer records (likely)
What the group claims
Sharjah Electricity, Water, and Gas Authority (sec.shj.ae) is a government-owned utility in Sharj...
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

