A hacking group resurrects and claims three local hacks – but is the data real, or a reuse of a previous breach?
The Radar ransomware group, which was reportedly taken down in a law enforcement operation earlier this year, appears to have come back to life with a slew of new victims, including three Australian companies.
The hackers listed Sold Real Estate and One Agency Eastlakes on the group’s darknet leak site on 17 October, alongside service provider Urban X.
The hackers claimed that both estate agents share Urban X’s Active Directory infrastructure, and they shared evidence of each alleged hack. Radar published email correspondence and performance reports that appear to be linked to Sold Real Estate, and similar material that the group alleges it stole from One Agency Eastlakes, alongside what appear to be passport scans of two of Sold’s clients.
The evidentiary data shared to prove the Urban X hack, however, is simply a combination of the data published under the other two companies. Radar also shared the contact details of Urban X’s CEO.
Neither Sold Real Estate nor One Agency Eastlakes returned Cyber Daily’s request for comment, and while Urban X offered no comment, Cyber Daily understands that the data Radar is attempting to use in its extortion attempt may relate to an incident from earlier in the year.
A hacker using the name Sentap claimed to have breached Urban X’s network in May, before attempting to sell 275 gigabytes of data on a Russian-language hacking forum. At the time, Sentap claimed the data included sales records, marketing material, legal documents, and identification documents – a similar set of data to that published already in part by the Radar group in its recent posts.
At the time, Australian cyber security firm NSB Cyber linked Sentap to the FunkSec ransomware group, though, as of publication, there do not appear to be any links between FunkSec and Radar.
Whether the data is historical or not, it certainly seems to be once again in circulation, making for a useful set of data for further cyber crime and extortion.
The Radar group’s leak site features a news section with several links to articles in the media reporting its August 2025 demise. At the time, authorities in the US and Germany reported that they had taken down much of Radar’s infrastructure, including servers in the US, UK, and Germany. That iteration of Radar had been around since August 2023, while this new group was first observed on 9 October, when it posted the details of eight apparently new victims.
The older group was also known as Dispossessor, a group thought not to be a ransomware operator as such, but rather an initial access broker, as pointed out by ransomware analytics platform Ransomfeed.
“We have noticed that there is a lot of talk about the alleged new ransomware group dispossessor; we did some checking and analysed the situation,” Ransomfeed said via its Ransomfeednews account on X on 25 March 2024.
“In light of everything, from our point of view it is not ransomware, but a group of scoundrels trying to monetise (on nothing) using the claims of other groups.”
The new group appears to be gearing up to operate a ransomware-as-a-service operation, with a page on its leak site titled “Order a service” saying “There will be a major announcement and detailed description soon”.
To date, this version of Radar – which may or may not be linked to the original one – has listed a total of 19 victims.
The hackers have set a ransom deadline of 13 November.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.