DyStar Data Breach

Alleged

Ransomware claim involving DyStar.

Published: Jun 28, 2026
Threat Actor: Settra
Threat Level: High
Confidence: High

Quick Summary

Company: DyStar
Industry: Consumer Services
Threat Actor: Settra
Date of Incident: Jun 28, 2026
Status: Alleged

Executive Summary

DyStar, a manufacturing company based in Singapore, was recently targeted by the Settra ransomware group. The listing appeared on Settra’s dark web portal on June 28, 2026, as part of a batch of new victims. SOCRadar’s Dark Web Monitoring service identified this listing. DyStar joins other victims from the consumer services, technology, and manufacturing sectors, indicating a pattern of targeting across various industries and geographic locations, including the United States and Taiwan.

Technical Analysis

SOCRadar’s analysis of stealer-log telemetry revealed credential exposure for the dystar.com domain. This included corporate credentials for Microsoft 365 (smtp.office365.com) and an internal training portal, as well as corporate emails reused on third-party sites. A single corporate username appeared in both internal and third-party categories, suggesting a potential compromise of an employee workstation with credential reuse. The exposed data had a freshness window between May 14 and June 28, 2026. Credential harvesting through stealer logs is a common initial access vector for ransomware groups like Settra. While this specific log data doesn’t confirm Settra’s direct use of these credentials, the pattern of exposing corporate credentials tied to potential endpoint compromise aligns with typical ransomware kill chains. CTI teams are advised to prioritize credential rotation, session revocation, and endpoint forensics.
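The correlation described above (a corporate username seen in both the internal and third-party categories inside the freshness window) can be scripted for triage. This is an added example, not SOCRadar's code: the record layout, the sample usernames, the training-portal hostname and the P1/P2/P3 ranking are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

CORP_DOMAIN = "dystar.com"
# Hosts treated as corporate services. smtp.office365.com is named on the page;
# the training-portal hostname is a placeholder, the page does not give it.
INTERNAL_HOSTS = {"smtp.office365.com", "training.internal.example"}
WINDOW = (date(2026, 5, 14), date(2026, 6, 28))  # freshness window from the page

# Constructed sample records (user, host, log date); not real telemetry.
SAMPLE_LOGS = [
    ("a.user@dystar.com", "smtp.office365.com", "2026-05-20"),
    ("a.user@dystar.com", "shop.thirdparty.example", "2026-05-20"),
    ("b.user@dystar.com", "training.internal.example", "2026-06-02"),
    ("c.user@dystar.com", "forum.thirdparty.example", "2026-06-11"),
    ("a.user@dystar.com", "smtp.office365.com", "2026-03-01"),     # outside window
    ("d.user@gmail.example", "smtp.office365.com", "2026-06-01"),  # not corporate
]

def triage(records, domain=CORP_DOMAIN, internal=INTERNAL_HOSTS, window=WINDOW):
    """Group in-window corporate credentials by user and rank them for response."""
    seen = defaultdict(lambda: {"internal": set(), "third_party": set()})
    for user, host, day in records:
        user, host = user.strip().lower(), host.strip().lower()
        if not user.endswith("@" + domain):
            continue  # only corporate identities are in scope
        if not window[0] <= date.fromisoformat(day) <= window[1]:
            continue  # stale log, outside the freshness window
        bucket = "internal" if host in internal else "third_party"
        seen[user][bucket].add(host)

    findings = []
    for user, hosts in seen.items():
        if hosts["internal"] and hosts["third_party"]:
            priority = "P1"  # both categories: possible endpoint compromise plus reuse
        elif hosts["internal"]:
            priority = "P2"  # corporate service credential exposed
        else:
            priority = "P3"  # corporate email used on a third-party site only
        findings.append((priority, user, sorted(hosts["internal"]), sorted(hosts["third_party"])))
    return sorted(findings)  # P1 first: rotate, revoke sessions, image the endpoint

if __name__ == "__main__":
    for priority, user, internal, third_party in triage(SAMPLE_LOGS):
        print(priority, user, "internal:", internal, "third-party:", third_party)
```

P1 accounts are the ones to take first for credential rotation, session revocation and endpoint forensics, since overlap across categories points at a single harvested workstation rather than an isolated third-party leak.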
