Brokk, a Sweden-based manufacturer of remotely controlled demolition robots, has been listed as a victim by the Play ransomware group, which claims to have stolen internal company data and is threatening further disclosure, according to reports and threat actor statements.
The Play ransomware group, a cybercriminal operation previously linked to Russia, published an entry on its leak site stating that it had accessed Brokk’s systems. The group released what it described as a partial dataset of approximately 4GB, making the files available for download as part of its extortion strategy.
The attackers stated that the released data represents only a portion of the information they claim to have obtained. In the same message, the group warned that a full dataset would be published if the company does not respond to its demands. Such staged releases are commonly used by ransomware groups to pressure organizations into negotiations.
According to the claims made by the group, the stolen data includes internal corporate information such as client documents, budgets, payroll data, identification records, tax-related materials, and financial information. These claims have not been independently verified, and the available dataset could not be fully accessed using the password provided by the attackers.
The timing of the initial compromise has not been confirmed. Reports indicate that the listing on the leak site appeared several days before it was identified publicly, but no official timeline of the intrusion has been disclosed.
Brokk has not publicly confirmed the breach or provided details about any potential impact on its systems or customers. Requests for comment have been made, but no response has been reported at the time of publication.
Brokk develops remote-controlled demolition machines used in industrial, construction, and high-risk environments, including nuclear facility cleanup operations. The company has operated for decades, and its equipment has been used in projects such as nuclear site decommissioning and hazardous material handling.
The Play ransomware group has been identified as an active threat actor with a record of targeting organizations across multiple sectors. Reports indicate that the group has listed more than one thousand victims since 2023, including dozens in recent months.
The situation remains based on claims made by the attackers, and further confirmation would depend on official statements or findings from an investigation.