Ransomware victim disclosure
← All victimsUniversity of Belgrade
listed as bg.ac.rs · Claimed by Apt73 · listed 3 months ago
Status timeline
- ListedApr 27, 2026
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileThe University of Belgrade (Univerzitet u Beogradu) is the oldest and largest university in Serbia, founded in 1808 and celebrating 215 years of higher education. It comprises numerous faculties, institutes, and a central library, offering undergraduate, postgraduate, and doctoral programmes across a wide range of disciplines. It is ranked among the top 401–500 universities globally and serves tens of thousands of students.
- Industry
- Higher Education
- Address
- Studentski trg 1, 11000 Belgrade, Serbia
- Employees
- 5000+
- Founded
- 1808
Attack summary
Severity: high — Data has been published (disclosed status: data_published) and the exfiltrated content includes financial reports and internal institutional documents from a major public university, representing significant organisational and potentially personal data exposure at scale.The group apt73 claims to have exfiltrated internal documents, letters, attachments, and financial reports from the University of Belgrade, with data published as disclosed. No ransom amount was stated and the total data size was not specified in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Internal documents
- Official correspondence / letters
- Email attachments
- Financial reports
What the group claims
University of Belgrade. Internal documents, letters, attachments, financial reports. Total size: ...
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

