A newly rebranded extortion gang known as “World Leaks” has breached one of Dell’s product demonstration platforms and is now attempting to extort the company.

Dell confirmed to BleepingComputer that the attackers gained unauthorized access to its Customer Solution Centers—an isolated environment used solely to demonstrate Dell products and test proof-of-concept solutions for commercial clients.

According to Dell, the affected system is intentionally separated from its main corporate network, customer-facing infrastructure, and partner systems. The company emphasized that no sensitive customer data was compromised, stating that the environment primarily contained synthetic or publicly available data, Dell system scripts, and other non-sensitive test outputs. Despite the attackers’ claims, the stolen information reportedly includes fabricated medical and financial records designed for demonstration purposes. The only real data believed to have been accessed is an outdated internal contact list.

World Leaks is the new name for the group previously known as Hunters International, a cybercriminal organization that emerged in late 2023. It was initially suspected to be a rebrand of the notorious Hive ransomware group due to similar code structure.

In January 2025, the group formally adopted the World Leaks moniker and shifted its focus from file encryption to data theft and extortion. This strategic pivot came after growing concerns within the ransomware community that encryption-based attacks had become less profitable and more legally risky.

Instead of encrypting files, World Leaks now relies on a custom-built data exfiltration tool to steal and leak information as leverage for ransom demands. Since rebranding, the group has published stolen data from at least 49 organizations on its leak site, although Dell is not currently listed among them. Researchers have also linked the gang to the recent exploitation of end-of-life SonicWall SMA 100 devices, where hackers deployed a custom rootkit known as OVERSTEP. According to Macnica threat researcher Yutaka Sejiyama, 10 of the 46 previously targeted companies listed by World Leaks were using vulnerable SMA 100 hardware.



Dell has not revealed how the attackers gained access to the demonstration system and declined to share further details, citing an ongoing investigation. The company also refrained from commenting on whether it intends to meet the extortion demands. As of now, the incident appears to be contained, and the compromised data is not believed to pose any risk to customers.
