Ransomware victim disclosure
← All victimsInfraestructures de Catalunya (Generalitat de Catalunya)
listed as infraestructures.cat · Claimed by Apos · listed 1 year ago
Status timeline
- ListedJun 12, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileInfraestructures.cat is a public portal operated by the Generalitat de Catalunya (Government of Catalonia) for infrastructure project management, transparency, and public procurement. It provides information on infrastructure projects, European funding, contractor profiles, and administrative procedures for the autonomous community of Catalonia, Spain.
- Industry
- Government & Public Administration
Attack summary
Severity: critical — Target is a Spanish government infrastructure body with access to sensitive public procurement, contractor data, and infrastructure project details. Exfiltration of government data at this scale, combined with threat of publication, constitutes critical severity despite no proof files yet published.The APOS group claims to have compromised the main server and exfiltrated all data, threatening to publish within 15 days if ransom demands are not met via their support portal.
Data the group says was taken
AI dossier — extracted from the leak post- Infrastructure project data
- Public procurement records
- Contractor information
- European funding details
- Administrative documents
- Transparency portal data
What the group claims
We have compromised your main server infraestructures.cat we also took copy of all the data. We give you 15 days before we leak the data. this can only be resolved threw our support portal we provided. Do the right thing before things get worse.
Sources
- Victim siteinfraestructures.cat
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

