Ransomware group dragonforce hits SITAV SpA
SITAV SpA — a manufacturing target operating in IT has been listed by the dragonforce ransomware group on 2026-07-14. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | SITAV SpA |
|---|---|
| Threat Group | dragonforce |
| Summary | SITAV specializes in the construction, maintenance, revision, and restoration of trains and railway vehicles, ensuring maximum efficiency for high-speed trains, regional transport carriages, trams, and subways. The company has been operational since its founding, providing corrective and ordinary maintenance services primarily for Trenitalia. With a focus on innovation and safety, SITAV employs a team of experts and advanced technologies to guarantee that every vehicle is in perfect operational condition. Their services also include revamping, which modernizes existing trains to enhance the travel experience. |
| Date of Breach | 2026-07-14 |
| Discovery Date | 2026-07-14 |
| Region | IT |
| Target Domain | www.sitav.eu |
| Business Sector | Manufacturing |
| Severity | MEDIUM |
Claim by dragonforce
SITAV specializes in the construction, maintenance, revision, and restoration of trains and railway vehicles, ensuring maximum efficiency for high-speed trains, regional transport carriages, trams, and subways. The company has been operational since its founding, providing corrective and ordinary maintenance services primarily for Trenitalia. With a focus on innovation and safety, SITAV employs a team of experts and advanced technologies to guarantee that every vehicle is in perfect operational condition. Their services also include revamping, which modernizes existing trains to enhance the travel experience.
Posted by the dragonforce threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Victim website
www.sitav.eu
Leak post (onion / Tor)
http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog/?post_uuid=639ab14a-fdcd-4e32-be98-d16c626fbebe
Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.

