Ransomware victim disclosure
← All victimsAngstrom Automotive Group
Claimed by Pear · listed 7 months ago
Status timeline
- ListedDec 15, 2025
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Dec 15, 2025
About the victim
AI dossier — public-source company profileAngstrom Automotive Group is a tier 1 full-service supplier for Automotive and Industrial OEMs, founded in 1999 and headquartered in the United States. The company operates over 20 manufacturing locations across North America, South America, and Europe, offering products including electrification components, resin products, lighting, metal forgings, and machined assemblies. It is NMSDC-certified as a minority-owned business and serves automotive, industrial, and commercial markets.
- Industry
- Automotive & Industrial Components Manufacturing
- Founded
- 1999
Attack summary
Severity: high — Data has been confirmed as published by the threat actor against a tier 1 automotive supplier operating across 3 continents, indicating exfiltration of significant business data from a critical manufacturing supply chain participant. No regulated personal data volume is confirmed, but the industrial and proprietary engineering data exposure at this scale warrants a high severity rating.The 'pear' ransomware group claims an attack on Angstrom Automotive Group and has published data (disclosed status: data_published), though the leak post provides minimal detail on the specific nature of the intrusion, exfiltration, or encryption. No ransom amount or data size has been stated.
What the group claims
Leading tier 1 full-service supplier for Automotive and Industrial OEMs
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

