This article was originally published on TechRepublic.
Dell Technologies has confirmed a cyberattack targeting one of its internal platforms used for product demonstrations. The breach, which occurred earlier this month, was carried out by a cyber extortion group known as World Leaks.
The attackers compromised Dell’s Customer Solution Centers, which are dedicated environments built to test technologies and demonstrate them to business clients. Dell emphasized these systems are isolated from its production networks and do not process customer or partner data.
“A threat actor recently gained access to our Solution Center… It is intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers,” Dell said in a statement to BleepingComputer.
Hackers leak over 1.3 TB of files
Following Dell’s acknowledgment of the incident, World Leaks released approximately 1.3 TB of data through its leak site. Social media reports indicate the leaked material includes more than 416,000 files, containing infrastructure scripts, system backups, employee directories, configuration data, and other materials linked to Dell products such as PowerPath, PowerStore, and VMware tools.
Despite the volume of data, Dell downplayed the impact of the breach.
“Data used in the Solution Center is primarily synthetic (fake) data, publicly available datasets used solely for product demonstration purposes or Dell scripts, systems data, non-sensitive information and testing outputs,” the company told BleepingComputer.
Rebranded ransomware group shifts to data theft
The breach is among the first major incidents attributed to World Leaks, which surfaced earlier this year following the rebranding of the Hunters International ransomware group. Instead of deploying ransomware, the group now focuses exclusively on data theft and extortion, using proprietary tools to exfiltrate data from compromised networks.
Cybersecurity analysts believe the change in tactics reflects the rising pressure from law enforcement and a shift in the threat landscape. They note that pure extortion operations may carry fewer legal and financial risks compared to ransomware deployments.
Ransomware payments decline
Recent research by Chainanalysis shows that ransomware payments fell by 35% year-over-year (YoY), from $1.25 billion in 2023 to $813.55 million in 2024.
The decline may be driving cybercriminals toward operations like World Leaks, which rely on data leaks and intimidation rather than encryption.
No word on ransom demands
Dell has not disclosed how the attackers infiltrate the system or whether a ransom demand was made. In response to media inquiries, the company has stated that the matter is under investigation.
The extortion group claims the stolen data is authentic and valuable; however, Dell continues to dispute this claim, maintaining that no sensitive customer or partner data was involved.
“Like many companies, we work tirelessly to combat online criminal activity, including those seeking to break into our systems and networks. Protecting the security and maintaining the trust of our customers and partners is a top priority,” Dell’s spokesperson told The Register.
