Ariomex leaked database exposing 11,826 verified user records
Data Leak
Summary
Hide ▲
Show ▼
A newly obtained Ariomex database exposed 11,826 verified user records, creating a concrete view of activity tied to sanctions evasion and large-scale capital transfers. The records span 2022 to 2025 and include users connected to Iran and multiple other countries. Analysts identified 27 potential sanctions-list matches, but incomplete identity data kept the matches from being definitive.
Related Happenings
MuddyWater U.S. network intrusion campaign targeting banks, airports, and a software company arm
Campaign
First: 06.03.2026 12:23
Last: 06.03.2026 12:23
Sources 1
About this happening:
**MuddyWater (Seedworm)** is running a **state-linked intrusion campaign** that has embedded itself in **U.S. banks, airports, a non-profit, and an Israeli software company arm**,...
MuddyWater U.S. network intrusion campaign targeting banks, airports, and a software company arm
CampaignAbout this happening: **MuddyWater (Seedworm)** is running a **state-linked intrusion campaign** that has embedded itself in **U.S. banks, airports, a non-profit, and an Israeli software company arm**,...
OFAC sanctions Matrix LLC and Operation Zero under PAIPA
Regulatory/Legal Action
First: 25.02.2026 12:31
Last: 25.02.2026 12:31
Sources 1
About this happening:
**OFAC** sanctioned **Matrix LLC / Operation Zero**, its owner **Sergey Sergeyevich Zelenyuk**, and five associated individuals and companies under **PAIPA**, expanding legal pres...
OFAC sanctions Matrix LLC and Operation Zero under PAIPA
Regulatory/Legal ActionAbout this happening: **OFAC** sanctioned **Matrix LLC / Operation Zero**, its owner **Sergey Sergeyevich Zelenyuk**, and five associated individuals and companies under **PAIPA**, expanding legal pres...
Resecurity alleged data leak claim after ShinyHunters Telegram screenshots
Data Leak
First: 03.01.2026 22:34
Last: 03.01.2026 22:34
Sources 1
About this happening:
**ShinyHunters** publicly claimed a **Resecurity** breach and posted screenshots on **Telegram**, asserting it had obtained **employee data**, **internal communications**, **threa...
Resecurity alleged data leak claim after ShinyHunters Telegram screenshots
Data LeakAbout this happening: **ShinyHunters** publicly claimed a **Resecurity** breach and posted screenshots on **Telegram**, asserting it had obtained **employee data**, **internal communications**, **threa...
Resecurity hit by data theft breach linked to Scattered Lapsus$ Hunters
Incident
First: 03.01.2026 22:34
Last: 03.01.2026 22:34
Sources 1
About this happening:
**Resecurity** is disputing a claimed breach after **Scattered Lapsus$ Hunters** said they stole internal data, making the event a contested compromise with unresolved exposure st...
Resecurity hit by data theft breach linked to Scattered Lapsus$ Hunters
IncidentAbout this happening: **Resecurity** is disputing a claimed breach after **Scattered Lapsus$ Hunters** said they stole internal data, making the event a contested compromise with unresolved exposure st...
RondoDox persistent IoT and web app botnet campaign
Campaign
First: 01.01.2026 11:19
Last: 01.01.2026 11:19
Sources 1
About this happening:
**Scattered Lapsus$ Hunters** claimed they breached **Resecurity** and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, but Rese...
RondoDox persistent IoT and web app botnet campaign
CampaignAbout this happening: **Scattered Lapsus$ Hunters** claimed they breached **Resecurity** and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, but Rese...
Latest development: 03.01.2026 22:34
Scattered Lapsus$ Hunters claimed they gained full access to Resecurity systems and stole internal chats, logs, employee data, threat intelligence reports, and a complete client list, while Resecurity said the accessed environment was a deliberately deployed honeypot with fake employee, customer, and payment data used to monitor the actor.
Timeline
-
03.03.2026 16:30 2 articles · 2mo ago
Leaked Ariomex database disclosed
Initial DisclosureResecurity disclosed an analysis of a leaked Ariomex database that covered 2022 to 2025 and exposed 11,826 verified user records, 27 potential sanctions-list matches, user withdrawal limits, and multimillion-dollar transfer patterns linked to Iran and other countries; the findings also referenced similarities to the June 2025 Nobitex cyberattack.
Show sources
- Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion — www.infosecurity-magazine.com — 03.03.2026 16:30
- Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion — www.infosecurity-magazine.com — 03.03.2026 16:30