A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.
Two victims disclosed these attacks without much information regarding who was involved.
Over the weekend,
DESFA confirmed they suffered a cyberattack after Ragnar Locker leaked screenshots of allegedly stolen data.
Earlier this month,
Sheppard Robson disclosed a ransomware attack and an extortion attempt but did not provide details about who hacked its network.
Finally, Hive Ransomware claimed last month to have attacked Sando but only released a small archive of files as 'proof' of the attack.
Strangely, the data for these victims have now appeared on the data leak site for a previously unknown extortion gang known as Donut Leaks. Furthermore, the data shared on the Donut Leaks site is far more extensive than that shared on the ransomware sites, indicating that this new threat actor was involved in the attacks.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
