THREATNOIR
Subscribe
Back to Feed
RansomwareApr 9, 2026

‼️ New DLS Identified: ShadowByt3S http://mfbbt65kir2drc7tuoukwibikgvxquauscnzgbeltkmidjtgqlzm2q...

New ransomware gang ShadowByt3S claims 9GB data theft from Forestal Atlántico Sur.

Read at source

Summary

A newly identified ransomware operation called ShadowByt3S has surfaced on the dark web, claiming to have stolen approximately 9GB of data from Uruguayan forestry company Forestal Atlántico Sur, including PostgreSQL databases. The threat actor has published two onion addresses as part of the breach announcement, following typical ransomware gang leak site patterns.

Indicators of Compromise

  • domain — mfbbt65kir2drc7tuoukwibikgvxquauscnzgbeltkmidjtgqlzm2qad.onion
  • domain — sdwbytqeb664krp2wz2qs3lxxah2rhneuotot5hy7g4jpn2pindigcad.onion

Entities

ShadowByt3S (threat_actor)PostgreSQL (product)