The Italian company Fulgar has suffered a large-scale ransomware attack. Responsibility for the incident was claimed by the RansomHouse group, which posted a message on its darknet site announcing the company’s compromise and threatening to publish the stolen data. According to their statement, the attackers gained access to internal systems as early as 31 October, yet disclosed the breach only on 12 November.
RansomHouse published a familiar extortion note addressed to Fulgar’s leadership, asserting that the company was “unlikely to be interested in seeing its confidential information leaked or sold to third parties” and urging it to “resolve the situation without delay.” Such messages typically accompany blackmail attempts: if a victim refuses to pay, criminals release the stolen files publicly or sell them on underground forums.
Fulgar has publicly confirmed the incident. The company reports that on 3 November 2025, it fell victim to a cyberattack targeting its IT infrastructure in Italy. According to the statement, internal security procedures required an immediate shutdown of all systems to prevent further spread of the attack. Fulgar also acknowledges the possibility of a personal data leak, although no specific cases have been confirmed at this time.
Meanwhile, the extortionists’ website has begun publishing samples of the stolen data. These include internal documents, spreadsheets containing bank balances, correspondence with commercial and government entities, and various invoices. Such information can be weaponized for targeted phishing: attackers can send emails containing real account details and authentic business context to deceive recipients, gain new access, or compromise the company’s partners. In addition, the exposure of financial and organizational data may undermine Fulgar’s competitive standing, giving rivals insight into its contracts, pricing strategies, and client relationships.
Fulgar, founded in the late 1970s, has become a global leader in the production of synthetic fibers, including polyamide 66 and elastane yarns. Its materials are widely used in lingerie, sportswear, and technical fabrics. The company operates the largest spinning mill in Europe and distributes fibers across Italy, Turkey, and other regions. Its production facilities are located in Italy, Turkey, and Sri Lanka, with notable clients such as H&M, Adidas, Wolford, and Calzedonia.
The RansomHouse group has been active since late 2021 and, according to the Cybernews Ransomlooker tracker, has already listed at least 148 organizations among its victims. In May 2025, the group claimed responsibility for breaching Oettinger, one of Germany’s largest brewing companies, publishing documents dated between 2022 and 2025. Earlier, they targeted Spain’s Hospital Clinic de Barcelona, an attack that led to thousands of cancelled patient appointments. According to a joint report from U.S. cyber authorities issued in 2024, several ransomware operators—including RansomHouse—collaborate with Iranian intermediaries who assist in the encryption process in exchange for a share of the ransom.
