Ransomware victim disclosure
← All victimsPT Danareksa (Persero)
listed as www.danareksa.com · Claimed by Stormous · listed 8 months ago
Status timeline
- ListedNov 6, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- Indonesia
- Sector
- Financial Services
- Listed on leak site
- Nov 6, 2025
About the victim
AI dossier — public-source company profilePT Danareksa (Persero) is an Indonesian state-owned enterprise (BUMN) functioning as a holding company specialising in transformation and information services. Its subsidiaries span financial services (Danareksa Finance, Danareksa Capital, Perusahaan Pengelola Aset), industrial estates, construction (Nindya Karya), and media & technology (Balai Pustaka, Kliring Berjangka Indonesia, Jalin Pembayaran Nusantara). As a government-linked conglomerate, it operates across multiple sectors throughout Indonesia.
- Industry
- State-Owned Investment Holding & Financial Services
Attack summary
Severity: critical — PT Danareksa is an Indonesian state-owned financial holding company with subsidiaries in financial services, payment clearing, and government-linked operations. Confirmed VPN access to its internal network with data published status implies potential exposure of regulated financial data, government-linked business data, and sensitive infrastructure credentials at significant scale.Stormous claims to have obtained VPN access to PT Danareksa's internal network, indicating a network intrusion with potential for lateral movement and data exfiltration; the disclosure status is 'data_published', though no specific data volume or file inventory was detailed in the post.
Data the group says was taken
AI dossier — extracted from the leak post- VPN/internal network access credentials
- Internal network data
What the group claims
VPN access to the company’s internal network is provided
Sources
- Victim sitewww.danareksa.com
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

