Ransomware victim disclosure
← All victimsnanoCAD
Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Malas
- Status
- Data leaked
- Country
- Russia
- Sector
- Technology
- Listed on leak site
- Apr 9, 2023
About the victim
AI dossier — public-source company profilenanoCAD is a software company developed by Nanosoft that produces affordable 2D/3D CAD software for professionals in mechanical engineering, architecture, building design, and construction. Its flagship product, nanoCAD 26 Platform, is fully compatible with the industry-standard DWG format and is used by thousands of designers and engineers worldwide. The company also offers specialized modules for disciplines such as 3D solid modeling, topographic planning, and 3D scan processing.
- Industry
- CAD Software Development
Attack summary
Severity: high — Data has been published (disclosed status: data_published) following confirmed exploitation of a known Zimbra vulnerability, indicating successful exfiltration of internal data from a software company whose products are used across sensitive engineering and infrastructure sectors. The attack vector (email server compromise) likely exposed internal communications and potentially source code or customer data.The Malas ransomware group claims to have compromised nanoCAD by exploiting a Zimbra vulnerability, resulting in data being published. No ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Email server data (via Zimbra exploit)
- Internal communications
- Corporate files
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

