Ransomware group fulcrumsec hits Arup Group
Arup Group — a business services target operating in GB has been listed by the fulcrumsec ransomware group on 2026-05-10. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | Arup Group |
|---|---|
| Threat Group | fulcrumsec |
| Summary | [AI generated] Arup Group is a British multinational professional services firm headquartered in London, United Kingdom. Founded in 1946, it operates in the engineering, design, planning, and consulting industries. The firm provides structural, civil, mechanical, and electrical engineering services, alongside architecture and project management. Arup works across sectors including infrastructure, buildings, transport, and energy, delivering projects in over 140 countries worldwide. |
| Date of Breach | 2026-05-10 |
| Discovery Date | 2026-05-10 |
| Region | GB |
| Target Domain | arup.com |
| Business Sector | Business Services |
| Severity | MEDIUM |
Claim by fulcrumsec
[AI generated] Arup Group is a British multinational professional services firm headquartered in London, United Kingdom. Founded in 1946, it operates in the engineering, design, planning, and consulting industries. The firm provides structural, civil, mechanical, and electrical engineering services, alongside architecture and project management. Arup works across sectors including infrastructure, buildings, transport, and energy, delivering projects in over 140 countries worldwide.
Posted by the fulcrumsec threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Victim website
arup.com
Leak post (onion / Tor)
http://4e3p3in2bl67hxchuwza7qvnpe7pyeloyztr5fnh257fxkovfhappjyd.onion/arup/
Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.