Ransomware group dragonforce hits Grupo DIRIA
Grupo DIRIA — a hospitality and tourism target operating in CR has been listed by the dragonforce ransomware group on 2025-08-27. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | Grupo DIRIA |
|---|---|
| Threat Group | dragonforce |
| Summary | Grupo Diria is a provider of luxury accommodation in Tamarindo Beach, Costa Rica, offering a range of hotels and resorts. The company is committed to respecting cultural traditions while ensuring modern comfort and security for its guests. Their mission is focused on tourism and hospitality, delivering an authentic Costa Rican experience. Intended clients include travelers seeking high-quality lodging and an immersive cultural experience. |
| Date of Breach | 2025-08-27 |
| Discovery Date | 2025-08-27 |
| Region | CR |
| Target Domain | www.grupodiria.com |
| Business Sector | Hospitality and Tourism |
| Severity | MEDIUM |
Claim by dragonforce
Grupo Diria is a provider of luxury accommodation in Tamarindo Beach, Costa Rica, offering a range of hotels and resorts. The company is committed to respecting cultural traditions while ensuring modern comfort and security for its guests. Their mission is focused on tourism and hospitality, delivering an authentic Costa Rican experience. Intended clients include travelers seeking high-quality lodging and an immersive cultural experience.
Posted by the dragonforce threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Victim website
www.grupodiria.com
Leak post (onion / Tor)
http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog/?post_uuid=38ad9d7a-d7d8-4117-896b-040344ec7191
Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.