Ransomware victim disclosure
← All victimsDalim Software GmbH
Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Malas
- Status
- Data leaked
- Country
- Germany
- Sector
- Technology
- Listed on leak site
- Apr 9, 2023
About the victim
AI dossier — public-source company profileDalim Software GmbH is a German software company that develops and markets the FUSION platform, a suite of tools covering digital asset management, online proofing, workflow automation, pre-flight file checking, and project management. The company serves a broad range of industries including print production, packaging, publishing, brands, agencies, and government/defense sectors. It holds ISO-27001 security accreditation and operates internationally with multi-language support.
- Industry
- Print & Publishing Software / Digital Asset Management
Attack summary
Severity: high — Data has been published (confirmed exfiltration), the attack vector was a known Zimbra vulnerability likely exposing email and communications data, and the victim serves government and defense clients, elevating the potential sensitivity of the compromised information.The Malas ransomware group claims to have compromised Dalim Software GmbH by exploiting a Zimbra vulnerability and has published data (disclosed status: data_published). The post does not specify the volume or precise nature of the exfiltrated data.
Data the group says was taken
AI dossier — extracted from the leak post- Email server data (via Zimbra vulnerability)
- Internal communications
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

