Returning LockBit Ransomware Targets AB Capital Group
Manila, Philippines – A returning LockBit ransomware group has allegedly targeted AB Capital Group, a major financial services provider in the Philippines, exfiltrating and leaking a 60GB archive of source codes and financial data. The breach includes proprietary investment tools, trading platforms, and client databases, posing a cybersecurity and financial risk.
https://iili.io/2mGvCZl.png
AB Capital Group specializes in wealth management, corporate restructuring, and investment banking, providing critical services to corporations, pension funds, and individual investors. Its subsidiary, AB Capital Securities, Inc. (ABCSI), has been a major player in the Philippine stock brokerage industry for over six decades, offering online trading and financial advisory services.
Screenshots obtained from their dark web leak-site reveal that the attackers exfiltrated and leaked a 60GB archive titled "SOURCECODES.rar," containing trading software, internal documents, client reports, and sensitive company data. The LockBit ransomware group, known for its double extortion tactics, stole and published the files, potentially exposing confidential information related to investment strategies and corporate clients.
https://iili.io/2mGvBj4.png
https://iili.io/2mGvKyG.png
Lockbit's leak site listing shows the attack was updated on February 10, 2025, with the data being made publicly available under the title "sourcecode and database zip itd_1002". The archive reportedly includes:
1. ABCSI trading platforms and financial reporting tools
2. Client information, investment records, and corporate financial documents
3. Internal software, development files, and proprietary source codes
At this time, AB Capital Group has not issued an official statement regarding the breach. However, the exposure of critical financial data raises concerns about potential fraud, financial manipulation, and regulatory implications.
