Redirecting... ransomware attack (Hellcat, 2025)
Redirecting... was named on the Hellcat ransomware data-leak (extortion) site on 2025-05-14.
- Victim
- Redirecting...
Incidents attributed to:
Redirecting... was named on the Hellcat ransomware data-leak (extortion) site on 2025-05-14.
Infostealer malware on the endpoints of 15+ Telefónica employees gave the Hellcat ransomware group credentials into the company's internal Jira ticketing system. Social-engineering escalated the access to SSH. The group did not extort — it publicly published 2.3 GB including 24,000 employee emails, 470,000 internal Jira tickets, and 5,000 internal documents.
Car Care Plan - Turkey was named on the Hellcat ransomware data-leak (extortion) site on 2025-01-05.