Ransomware victim disclosure
← All victimsdoosan.com
Claimed by Settra · listed 5 days ago
Status timeline
- ListedJun 28, 2026
- Data leakeddate unknown
At a glance
- Group
- Settra
- Status
- Data leaked
- Country
- South Korea
- Sector
- Manufacturing
- Listed on leak site
- Jun 28, 2026
About the victim
AI dossier — public-source company profileDoosan Group is a South Korean conglomerate founded in 1896, operating through multiple subsidiaries including Doosan Bobcat (compact equipment), Doosan Enerbility (power plants), Doosan Robotics, and Doosan Fuel Cell. The group manufactures industrial machinery, power generation systems, and advanced technologies across global markets.
- Industry
- Heavy Machinery & Equipment Manufacturing; Power Generation; Robotics
- Founded
- 1896
Attack summary
Severity: high — Confirmed exfiltration of 3.27 terabytes of data from a major multinational manufacturer with global operations. Alleged exposure of product defects, internal secrets, and sensitive technical documentation poses significant business and reputational risk. Data already published with no ransom demand suggests deliberate public disclosure.The SETTRA group claims to have exfiltrated approximately 3.27 terabytes of files from Doosan, Geith, and Bobcat operations, alleging the data demonstrates how the company 'buries defects and protects its secrets.' The post indicates data publication with no ransom demand stated.
Data the group says was taken
AI dossier — extracted from the leak post- Technical documentation
- Product defect records
- Internal communications
- Business secrets
- Engineering files
What the group claims
How Doosan / Geith / Bobcat Buries Defects and Protects Its Secrets PROLOGUE: 3.27 TERABYTES OF FILE...
Sources
Source
Indexed 5 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

