Cyber Threat Actor: UberLeaks

Aliases: 2 aliases
Actor Type: Crime Syndicate
Known Incidents: 5 incidents
Profile

UberLeaks, also operating under the name Worldleaks, is a financially motivated cybercriminal group specializing in data extortion and ransomware operations. By mid-2025 the group had rebranded from a traditional ransomware operation to focus exclusively on data theft and extortion. Its operations primarily target corporate entities in the technology manufacturing, financial services, and business process outsourcing sectors, with confirmed incidents affecting organizations in Switzerland as well as multinational corporations. The threat actor shows a pattern of exaggerating the volume of data it claims to have stolen, while the systems it does compromise contain employee personal information, internal communications, and procurement records.

Notable campaigns include the June 2025 breach of procurement provider Chain IQ, which exposed personal details of approximately 130,000 employees from a major Swiss bank and internal executive contact information. The same operation compromised over 230,000 invoice line items from a Geneva-based financial institution. In July 2025, the group infiltrated Dell's isolated Customer Solution Centers platform, exfiltrating configuration scripts and system backups while fabricating samples to bolster extortion demands. Technical analysis of their operations reveals consistent exploitation of vulnerabilities in end-of-life network devices, particularly SonicWall appliances, for initial access. The group maintains affiliate relationships with actors specializing in legacy system exploitation, though no verifiable state sponsorship or geopolitical alignment has been publicly documented. Their operations emphasize psychological pressure through selective disclosure of executive communications while avoiding confirmed theft of customer banking data or government identifiers.
