Ransomware group aurora hits NTP B.V. Civil Engineering Construction
NTP B.V. Civil Engineering Construction — a construction target operating in NL has been listed by the aurora ransomware group on 2026-06-22. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | NTP B.V. Civil Engineering Construction |
|---|---|
| Threat Group | aurora |
| Summary | [engineering] NTP B.V. (trading as NTP Infra / NTP Groep) is a Dutch civil engineering contractor headquartered in Hattem, Gelderland. They build roads, lay cables, install sewers, and perform ground works across the Netherlands. With 150–200 employees, offices in Hattem, Enschede, and Zevenaar, and a 2024/2025 acquisition of Aannemingsbedrijf Dubbink B.V., they are a typical mid-market Dutch “aannemingsbedrijf” — government contracts, municipal works, private developments. Their file server contained everything: 10+ years of operations, every employee's personal files, the complete HR/payroll system exports, every network device configuration, every project bid, and every financial record. |
| Date of Breach | 2026-06-22 |
| Discovery Date | 2026-06-22 |
| Region | NL |
| Target Domain | NTP B.V. Civil Engineering Construction |
| Business Sector | Construction |
| Severity | MEDIUM |
Claim by aurora
[engineering] NTP B.V. (trading as NTP Infra / NTP Groep) is a Dutch civil engineering contractor headquartered in Hattem, Gelderland. They build roads, lay cables, install sewers, and perform ground works across the Netherlands. With 150–200 employees, offices in Hattem, Enschede, and Zevenaar, and a 2024/2025 acquisition of Aannemingsbedrijf Dubbink B.V., they are a typical mid-market Dutch “aannemingsbedrijf” — government contracts, municipal works, private developments. Their file server contained everything: 10+ years of operations, every employee's personal files, the complete HR/payroll system exports, every network device configuration, every project bid, and every financial record.
Posted by the aurora threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Victim website
NTP B.V. Civil Engineering Construction
Leak post (onion / Tor)
http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/ntp-bv-civil-engineering-construction-87342294
Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.