All ransomware incidents
Ransomware group kazu hits Saudi Icon
Saudi Icon — a construction target operating in SA has been listed by the kazu ransomware group on 2025-12-29. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | Saudi Icon |
|---|---|
| Threat Group | kazu |
| Summary | Saudi Icon specializes in design and build solutions, offering a holistic approach to construction and turn-key services. The company caters to a diverse clientele, including hotels, workspaces, restaurants, gyms, and healthcare facilities across Saudi Arabia. With a focus on creativity, functionality, and quality construction, Saudi Icon aims to redefine modern living through thoughtful design and tailored services. Their extensive portfolio showcases significant projects, along with a reputation for delivering high-end fit-out solutions and innovative constructions |
| Date of Breach | 2025-12-29 |
| Discovery Date | 2025-12-29 |
| Region | SA |
| Target Domain | www.saudi-icon.com |
| Business Sector | Construction |
| Severity | MEDIUM |
| Ransom Demand | $400 000 |
| Data Size | 4.15 TB |
Claim by kazu
Saudi Icon specializes in design and build solutions, offering a holistic approach to construction and turn-key services. The company caters to a diverse clientele, including hotels, workspaces, restaurants, gyms, and healthcare facilities across Saudi Arabia. With a focus on creativity, functionality, and quality construction, Saudi Icon aims to redefine modern living through thoughtful design and tailored services. Their extensive portfolio showcases significant projects, along with a reputation for delivering high-end fit-out solutions and innovative constructions
Posted by the kazu threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.