Boeing supplier leak claimed by J Group ransomware

A major third-party software supplier used by Airbus, Boeing, Nissan, Samsung, Volkswagen, and more has been hit by threat actors, who claimed to have exfiltrated sensitive data.

DCS Software Solutions, a company that offers software solutions like IT support, website development and cloud account management to businesses, was listed on the dark web leak site of the J Group ransomware gang on 1 October.

The threat actor claimed to have stolen 11 gigabytes of data from DCS, including sensitive legal documents like insurance policies and certificates, client-side metadata, including user permissions and audit trails, config files for CAE, HPC and PLM systems, documentation and architecture for proprietary software and the internal procedures for technical support, security and backups.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

To back up its claims, J Group posted a compressed folder, along with a .txt file containing a list of allegedly stolen .pdf files, which the threat actor claims were signed with the names of current and former employees. Other documents included training documents and yearly expense reports.

The compressed folder contained a number of internal documents from Sandvik, DCS’s parent company, including requirements, insurance documents, and more.

J Group is a relatively fresh ransomware operation that first appeared in February 2025. So far, the group has listed 27 victims, but not much is known about the operation as of yet.

One of the group’s first victims was Ausfec Limited, which trades as The Distributors.

Ausfec was listed on the J Group dark web leak site on 22 February 2025; however, the page shows no information other than that the group claimed to have exfiltrated 204 gigabytes of data.

The brands it distributes include Red Bull, Smith’s, Whittaker’s, and Bayer, while its customers include FoodWorks, IGA, Caltex, and 7-Eleven.

VIEW ALL

The file listing suggests that 4,782 directories were accessed, totalling more than 120,000 files. The data largely appears to be distribution agreements and invoices relating to The Distributors’ clients and customers, product allocations, and banking documents.

The Distributors did not respond to Cyber Daily’s request for comment.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Boeing supplier leak claimed by J Group ransomware

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

FOLLOW US ON