Skip to main content

Ransomware victim disclosure

All victims

Altar Group

listed as ALTARGRUP · Claimed by Cyclops · listed 3 years ago

36m
Age
since listed · data leaked

Status timeline

  1. ListedJul 1, 2023
  2. Data leakeddate unknown

At a glance

Group
Cyclops
Status
Data leaked
Country
Turkey
Listed on leak site
Jul 1, 2023

About the victim

AI dossier — public-source company profile

Altar Group (ALTARGRUP) is a Turkish conglomerate founded in 2012 operating across six business areas: mobile phone insurance, device renewal/refurbishment (Novo Mobil), domestic and foreign trade, agriculture and animal husbandry technology, and software and consultancy. The company provides damage assessment and repair services for electronic devices on behalf of leading insurers, and develops business intelligence software and IoT-based solutions for the agriculture sector. It operates on both national and international scales.

Industry
Diversified Technology & Insurance Services
Founded
2012

Attack summary

Severity: high — Data has been confirmed published by the threat actor. The company handles mobile phone insurance claims and customer device data at scale, likely including PII and financial/insurance records across multiple business verticals, representing significant business and potentially regulated data exposure.

The Cyclops ransomware group claims to have published data belonging to Altar Group, with the disclosure status listed as 'data_published', indicating exfiltration and public release of company data. No specific ransom amount or data volume was stated in the post.

high

Data the group says was taken

AI dossier — extracted from the leak post
  • Customer records
  • Insurance claim data
  • Device repair and service records
  • Business intelligence software data
  • Trade and commercial documents
  • Consultancy project files
  • Agricultural/IoT project data

What the group claims

Within the roof of Altar Group, the foundations of which were laid in 2012; We operate in 6 different areas: mobile phone insurance, renewal center, domestic and foreign trade, agriculture animal husbandry, software and consultancy. As Altar Group, our corporate strategy is to expand the knowledge and experience we have gained in all areas in which we operate and to carry out studies that will benefit the environment and society. In this direction, with our team of versatile professionals, we continue to work to carry forward all the sectors we are in with a service understanding based on quality and trust in national and international dimensions.We carry out damage assessment and repair activities with the insurance service we provide to the leading companies in the electronic devices sector. In this context, we offer repair and service packages that best meet the needs and demands of consumers for devices such as smartphones and tablets, which have become one of the needs of daily life. While carrying out all these activities, our priority is to provide and maintain customer satisfaction by providing high quality and fast service. With Novo Mobil, our Ministry of Commerce approved renewal center, we examine second-hand devices with precision and perform all necessary cleaning and parts replacement processes and offer the best quality devices back to use. Thanks to this sustainable business model, we both extend the hardware life of the devices and contribute to the reduction of technological waste.We are constantly working, developing and developing with our expert team with a focus on carrying forward the expertise and knowledge we have gained since the day we were established at every stage and producing innovative projects using this information. In this process, by accurately analyzing customer demands and the needs of the market, we make our strategic planning in the best way and carry out the processes in a controlled manner. With the business intelligence software we have developed in order to make process management in the best and simplest way, we offer solutions to the market to facilitate cumbersome management and business follow-up processes. In the light of all the experiences we have gained, we offer project consultancy services with all our transparency to the companies that request it in order to gain a place in the market and to take the right steps.When we analyze the needs of the national market, we can clearly see that technological studies and investments in the field of Agriculture and Livestock are at the initial level and that the awareness of Agriculture 4.0 has not yet been established in our society. In this context, with our internet of things based device and software solutions we have developed, our studies that will increase productivity by offering the right methods and tools in both agricultural production and livestock care are in the project development and testing phase. We continue to contribute to growth and social economy by transforming all the projects we develop and carry out into services and products on a national and international scale.

Source

Indexed 3 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About cyclops

Cyclops is a relatively minor ransomware group that emerged in July 2023, operating with apparent financial motivations and maintaining a low profile compared to established ransomware families. The group's origin and affiliations remain largely undocumented in public threat intelligence reporting, with limited information available regarding their operational structure or potential ties to other cybercriminal organizations. Based on available data, Cyclops has demonstrated geographically diverse targeting patterns, with documented victims spanning Australia, China, and Guatemala, though their specific attack methodologies, initial access vectors, and encryption techniques have not been extensively analyzed or reported by major security firms or law enforcement agencies. With only seven known victims documented since their emergence, the group represents a relatively small-scale operation that has not conducted any widely publicized high-profile attacks or drawn significant attention from cybersecurity researchers or law enforcement disruption efforts. Current intelligence suggests the group remains active but operates at a scale significantly below major ransomware families that typically dominate threat landscape reporting. The group has been linked to 7 public disclosures across our corpus. First observed on a leak site on July 1, 2023; most recent post July 26, 2023. The operation is currently inactive.

Timeline of this disclosure

  • July 1, 2023ALTARGRUP listed by cyclopson the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Financial Services sector, which has 1,184 disclosures indexed across all operators we track. Geographically, ALTARGRUP is reported in Turkey, a country with 77 ransomware disclosures in our corpus.

If your organisation is affected

A listing by cyclops means ALTARGRUP appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Monitor for the data appearing on cyclops's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.