Ransomware group aurora hits Primed Halberstadt Medizintechnik
Primed Halberstadt Medizintechnik — a healthcare target operating in DE has been listed by the aurora ransomware group on 2026-06-30. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | Primed Halberstadt Medizintechnik |
|---|---|
| Threat Group | aurora |
| Summary | [manufacturer] *** GmbH — a German manufacturer of medical devices founded in 1946 and now part of the PE-backed PP Medtech group (Wiesmann & Co. KG). The exfiltration captured four entire server volumes: Daten (883 GB) — File server: 289 employee home directories (547 GB), Czech subsidiary data (66 GB), production processes (162 GB), machine configurations (81 GB) EE (807 GB) — Enterprise system: Apollo ERP, VBANK banking (8 accounts), complete database backup (100.6 GB, dated June 3), product images WINDVSW1 (344 GB) — Windows server: DATEV accounting (115+ data directories including LODAS payroll), bank transfers, DMS exports dmsscan (12 GB) — Scanned documents from 51+ employee DMS mailboxes A database backup (spiel.zip.001–010, 100.6 GB) was created on 2026-06-03 |
| Date of Breach | 2026-06-30 |
| Discovery Date | 2026-06-30 |
| Region | DE |
| Target Domain | Primed Halberstadt Medizintechnik |
| Business Sector | Healthcare |
| Severity | MEDIUM |
Claim by aurora
[manufacturer] *** GmbH — a German manufacturer of medical devices founded in 1946 and now part of the PE-backed PP Medtech group (Wiesmann & Co. KG). The exfiltration captured four entire server volumes: Daten (883 GB) — File server: 289 employee home directories (547 GB), Czech subsidiary data (66 GB), production processes (162 GB), machine configurations (81 GB) EE (807 GB) — Enterprise system: Apollo ERP, VBANK banking (8 accounts), complete database backup (100.6 GB, dated June 3), product images WINDVSW1 (344 GB) — Windows server: DATEV accounting (115+ data directories including LODAS payroll), bank transfers, DMS exports dmsscan (12 GB) — Scanned documents from 51+ employee DMS mailboxes A database backup (spiel.zip.001–010, 100.6 GB) was created on 2026-06-03
Posted by the aurora threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Victim website
Primed Halberstadt Medizintechnik
Leak post (onion / Tor)
http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/primed-halberstadt-medizintechnik-b278bad0
Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.