Date: 2025-10-02

A ransomware gang has claimed that it stole internal security documents from a software supplier powering global giants like Boeing, Volkswagen, Siemens, and Samsung.

J GROUP, the cybercriminal gang behind the alleged ransomware attack, has listed Dimensional Control Systems (3DCS) as a victim on its leak site on the dark web.

Ransomware groups commonly post victims on dark web leak sites to pressure them into paying, threatening to release stolen data if demands aren’t met.

3DCS provides software solutions and services to manufacturing companies globally, including big players in automotive, aerospace, medical devices, high-tech electronics, and industrial machinery sectors.

Among the companies using 3DCS’s software are Fiat Chrysler Automobiles, General Motors, Nissan, Volkswagen, Airbus, Boeing, Philips Medical, LG, and Samsung. In 2025, the company reported $20.8 million in revenue.

Screenshot of the ransomware gang's claim of breaching 3DCS

Internal data allegedly stolen

The attackers claim to have extracted 11GB of the company’s data, including sensitive internal documents:

Proprietary software architecture and documentation.

Configuration files for integrations with CAE, HPC, and PLM systems.

Client-side metadata defining business objects, user permissions, and audit trails.

Sensitive legal documents (certificates, insurance policies).

Internal procedures for backups, technical support, and security.

Attackers released a .txt file and a compressed folder along with their claims to prove the attack is legitimate.

Cybernews researchers investigated data samples released with the listing. The text file included a long list of allegedly stolen .pdf files. The documents were allegedly signed by the company's current and former employees and bear their names. The list also includes various training documents, some of them training reports from employees with their names on them, as well as yearly expense reports.

Attackers also published a compressed folder containing some internal documents from the parent company, Sandvik. The leaked documents include the company’s detailed security requirements and assessments over time, as well as cyber insurance and crime insurance documents.

Company’s security might be at risk

List of PDF files allegedly possessed by attackers.

It is still unverified whether the data is legitimate, as it is not very rare for ransomware gangs to resurface older data from previous breaches and claim it is a new breach.

If the data proves to belong to 3DCS, the company’s internal operations are at risk. “Revealed security measures that a company implements paint a clear picture for the attackers of what would be the easiest or hardest to exploit,” said the Cybernews research team.

If the documents truly belong to the company, they likely include personally identifiable data of current and former employees, putting them at risk of identity theft and of being instrumentalized in social engineering attacks.

Cybernews has reached out to the company for confirmation, but a response is yet to be received.

Who is J Group ransomware?

J Group ransomware is a newcomer to the cybercrime scene, first detected in early 2025.

So far, there’s little information on the group’s activities. However, security researchers note that the gang targets everything from amusement parks to potato packers. Just recently, the gang listed German charter operator FAI Aviation Group as its newest victim. The attackers claimed to have extracted nearly 3TB of the company’s internal data. The company has not verified whether it suffered an attack.

The gang’s tactics suggest it’s still finding its footing, experimenting with various attack methods. Interestingly, the gang may adopt an ever-more-popular approach to data brokerage.

Unlike traditional ransomware crews that threaten to dump stolen data if the company refuses to pay, groups like J Group are leaning into data brokerage. The gang attempts to auction off victims’ information to the highest bidder when negotiations with the victim collapse.

