Xortec reportedly targeted by Safepay ransomware group

Security Affairs reports that the Safepay ransomware group has reportedly attacked Xortec GmbH, a professional video surveillance and security provider based in Frankfurt, Germany.

The cybercrime group has listed Xortec on its leak website and set Oct. 27, 2025 as the ransom payment deadline. The alleged breach could have broader implications given Xortec's position in the security supply chain. Compromised firmware or software could expose client information, shipment records, and surveillance layouts, potentially disrupting critical services dependent on its products.

Safepay, which has been active since late 2024, has become known for its double extortion model, stealing and encrypting data before demanding ransom. The group targets sectors such as health care, manufacturing, and government and typically operates within 24 hours of initial access while avoiding systems located in Russia, hinting at a possible Eastern European origin.

Xortec is a professional video surveillance and IP networking provider. It supplies access control systems, cameras, and network video recorders and serves clients in the retail, infrastructure, and logistics industries.