Ransomware victim disclosure
← All victimsSITAV SpA
Claimed by Dragonforce · listed 20 hours ago
Status timeline
- ListedJul 14, 2026
- Data leakeddate unknown
At a glance
- Group
- Dragonforce
- Status
- Data leaked
- Country
- Italy
- Sector
- Manufacturing
- Listed on leak site
- Jul 14, 2026
About the victim
AI dossier — public-source company profileSITAV SpA is an Italian leader in maintenance, construction, and restoration of railway vehicles including high-speed trains, regional carriages, trams, and subways. Since its founding, the company has provided corrective and ordinary maintenance services primarily for Trenitalia and other major Italian and European transport operators, with operational facilities in Milan, Cairo Montenotte, and Rottofreno.
- Industry
- Railway Vehicle Maintenance & Manufacturing
- Address
- Viale Bianca Maria 35, 20122 Milano (MI), Italy
Attack summary
Severity: medium — Data published status confirmed with no ransom demand and no proof count provided. Target is a critical infrastructure supplier (railway maintenance) with access to sensitive transport systems, but lack of specifics on data type/volume and no operational disruption evidence limits assessment to medium.The dragonforce group claims to have compromised SITAV's systems and published exfiltrated data. No specific details on encryption, operational disruption, or data categories are stated in the post.
What the group claims
SITAV specializes in the construction, maintenance, revision, and restoration of trains and railway vehicles, ensuring maximum efficiency for high-speed trains, regional transport carriages, trams, and subways. The company has been operational since its founding, providing corrective and ordinary maintenance services primarily for Trenitalia. With a focus on innovation and safety, SITAV employs a team of experts and advanced technologies to guarantee that every vehicle is in perfect operational condition. Their services also include revamping, which modernizes existing trains to enhance the travel experience.
Sources
Source
Indexed 20 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

