NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April

• The NightSpire ransomware group claimed France’s Municipality of Ardon cyber attack
• They posted about the alleged data breach on their dark web portal with other targets
• Claiming to have stolen 30GB of data, they have threatened to leak the same on April 30

The NightSpire ransomware group named France’s Municipality of Ardon on its dark web portal. The ransomware attack allowed the gang to exfiltrate about 30GB of data, according to the note posted on the dark web.

The group named three websites with a ransom payment deadline for each in the post mentioning the Municipality of Ardon. The other entities were from China and the the United States of America.

The deadline for ransom payment for the Municipality of Ardon was 8 days as noted by the threat intelligence provider StealthMole. The post mentioned the hacking date as April 15 with the data set to be released publicly on April 30 in case the ransom is not paid. 

They also posted samples of images and files as proof of the ransomware attack. 

We approached the Municipality of Ardon for comments regarding the dark web claims. We will update this post based on their response.

The dark web post had received 22 views at time of posting this report. 

NightSpire’s dark web activities have been traced since March 2025. “NightSpire individuals appear inexperienced and display a low level of sophistication, suggesting they may be new to extortion operations,” a research report about the group noted.

Researchers found two threat actors promoting NightSpire on the dark web going by the alias xdragon128 and cuteliyuan. In March this year, they were found looking for others to join their group to expand the scope of their criminal activities.

Despite the findings, it is alarming to learn about the skills of the threat actors in breaching the most secure systems.