Ransom! ARM (JUL-2026)
The D1R threat actor D1R, targeting ARM in GB, exploited leaked Synopsys database information and cross-referenced other group leaks to gain access and investigate remotely, later using Athena Download Manager—requiring an SSL certificate tied to ARM’s parent-owned product infrastructure—to bypass ARM’s 2FA email/SMS checks. This capability severely incapacitated operations despite 2FA protections, ultimately enabling unauthorized downloads from ARM-associated sources and amplifying impact to GB #UnitedKingdom

Incident Details

  • Victim: ARM
  • Sector: Technology
  • Country: GB
  • Actor: D1R
  • Source:
  • Discovered: 2026-07-13T11:33:13.133892+00:00
  • Published: 2026-07-13T00:00:00+00:00

Information

  • Thanks to leaked database by Synopsys, a roadmap was provided
  • Many other group leaks were cross-referenced and thoroughly analyzed
  • One of the leaked companies gave our team access to ARM center
  • Severely incapacitated by 2FA email/sms-code required by ARM on every step, we were still able to download an interesting tool: Athena Download Manager
  • This requires an SSL certificate of a company that owns ARM products, and downloading by means of Athena allows to bypass multiple 2FA checks that are required when downloading same files from www.arm.com
  • This is now free for download to any reverse engineer on Earth and beyond, thanks to Synopsys company data negligence

Disclaimer: This post is based on public claims made by the ransomware group "D1R". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.

monitored by: ransomware.live