Netstar, a vehicle-tracking and stolen-vehicle recovery company based in South Africa, has allegedly suffered a ransomware attack.
The cyberattack reportedly compromised data belonging to 17 employees and affected multiple associated third-party domains, putting sensitive user information at risk.
According to RedPacket Security, the breach was discovered on May 23, 2025, with the threat actors encrypting all files on Netstar’s systems.
The hacking group known as “devman” has claimed responsibility and is demanding a ransom of approximately $1.2 million. The same hacking group that claimed responsibility for the denied Kenya National Social Security Fund (NSSF) cyber attack.
RedPacket Security stated that the information originated from the “devman” Onion Dark Web Tor blog page. HackManac also reported the incident in a post on X.
Stolen data appears to include information harvested by known infostealer malware families such as Lumma, Raccoon, and RedLine—tools designed to extract confidential system and user data.
The attackers detailed the use of multiple infostealers, suggesting a multi-stage, technically complex intrusion method.
Available technical indicators point to extensive data exfiltration, likely targeting both corporate assets and individual user information within Netstar’s environment.
While the threat actors have not published screenshots or sample files, they included a link to a public leak site for additional details.
As it stands, Netstar has not communicated any information regarding the truth of the incident.
About Author
