Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have allegedly breached a Western Australia-based trade supplier, claiming to have exfiltrated personal and company data.
Kevmor Trade Supplies, a Belmont, Western Australia-based flooring and trade supply store, was listed on the dark web leak site of the Brotherhood ransomware gang.
The threat actors claimed to have exfiltrated 45 gigabytes of data from Kevmor Trade Supplies, including sales and payment documents, spreadsheets and more.
Within the listing was a sample containing passport scans, driver’s licenses, an invoice and an Excel spreadsheet screenshot.
The Brotherhood also posted a link to all the allegedly exfiltrated files, which it dated 4 July 2025.
It is currently unclear if any negotiations between the threat actor and Kevmor Trade Supplies have occurred, nor are the Brotherhood’s motivations.
Kevmor Trade supplies denied comment on the incident when contacted by Cyber Daily.
The Brotherhood is a fresh ransomware organisation that first appeared this month when it posted 10 victims to its dark web leak site.
Currently, not much is known about the group, with very little information provided by the threat actors on the dark web leak site.
A range of new ransomware groups have popped up in recent months, including The Gentlemen, which first appeared in September.
Like the Brotherhood, The Gentlemen does not have a manifesto on its site, nor anything else that might hint at who they are. No claims to be honest pen-testers doing their victims a favour, nor any promises that they are entirely financially motivated and can be trusted to delete stolen data when a ransomware is paid.
All there is on the gang’s leak site is details of its victims – and even that is light, with no information regarding data volumes or any evidentiary documents. Since those first 32 victims, two more have been added – one from Germany, the other from Nepal – and all, bar the last two, have had their data published, directly hosted on The Gentlemen’s leak site.
Trend Micro began investigating The Gentlemen in August, just before it began its darknet posting spree and no doubt while it was targeting its first tranche of victims.
“This threat actor quickly established itself within the threat landscape by demonstrating advanced capabilities through their systematic compromise of enterprise environments,” Trend Micro said in a recent blog post.
“By adapting their tools mid-campaign – shifting from generic anti-AV utilities to highly targeted, specific variants – the attackers demonstrate versatility and determination, posing a significant threat to organisations regardless of their security defences.”
Be the first to hear the latest developments in the cyber industry.
