RansomHouse Hits H&M and Adidas Supplier in Major Fashion Supply Chain Attack

RansomHouse Group Hits Fashion Supplier Fulgar in Supply Chain Attack

HIGH
November 16, 2025
Supply Chain Attack, Ransomware, Data Breach

Impact Scope

Affected Companies

Fulgar S.p.A.

Industries Affected

Retail, Manufacturing

Geographic Impact

Italy (global)

Related Entities

Threat Actors

RansomHouse

Other

Fulgar S.p.A., H&M, Adidas, Wolford, Kering, LVMH

Full Report

Executive Summary

The RansomHouse ransomware group has claimed responsibility for a cyberattack against Fulgar S.p.A., a prominent Italian textile supplier for major fashion brands including H&M, Adidas, and Wolford. The incident, which Fulgar confirmed on November 3, 2025, is a stark example of a supply chain attack, where threat actors target a less-secure third-party supplier to indirectly impact larger, more valuable organizations. RansomHouse has reportedly leaked sensitive corporate and partner data, causing operational disruption for Fulgar and posing a significant downstream risk to its high-profile customers. The attack underscores the increasing focus of ransomware groups on the interconnected vulnerabilities within global commercial supply chains.


Threat Overview

Threat Actor: RansomHouse is a data-extortion group that focuses on stealing data and threatening to leak it, rather than just encrypting files. They often claim to be "penetration testers" who are simply pointing out security flaws, a narrative used to pressure victims into paying.

Victim: Fulgar S.p.A. is a critical link in the fashion supply chain, known for producing innovative and sustainable yarns. Its compromise directly affects the production capabilities and proprietary information of its partners.

Attack Vector: The specific initial access vector was not detailed in the reports, but such attacks typically involve phishing, exploitation of unpatched vulnerabilities, or compromised credentials.

TTPs:

This attack is part of a broader trend of targeting third-party suppliers, as seen in previous attacks against conglomerates like Kering and LVMH.

Impact Assessment

The impact of the Fulgar breach extends far beyond the company itself.

  • Operational Disruption: The attack has disrupted Fulgar's operations, which could lead to production delays for major brands like H&M and Adidas, affecting their product launches and revenue.
  • Data Breach: The leak of sensitive data can include intellectual property (e.g., new fabric designs), financial information, and confidential data belonging to Fulgar's partners (the major brands).
  • Loss of Trust: Such an incident erodes trust within the supply chain. Brands may reconsider their relationship with Fulgar, leading to significant financial losses for the supplier.
  • Regulatory Fines: As an Italian company, Fulgar is subject to GDPR and has already begun issuing breach notifications. It could face substantial fines depending on the nature of the compromised data.
  • Systemic Risk: This attack demonstrates the systemic risk within the fashion industry's tightly integrated supply chain. A single point of failure can have a widespread domino effect.

IOCs

No specific Indicators of Compromise were provided in the source articles.

Detection & Response

Detection (for suppliers like Fulgar):

  1. Monitor for Data Exfiltration: Deploy Data Loss Prevention (DLP) solutions and monitor network traffic for unusually large outbound data transfers, especially to unknown destinations. This is a key part of User Data Transfer Analysis (D3-UDTA).
  2. Endpoint Detection: Use an EDR solution to detect ransomware behaviors, such as mass file access, and the presence of known hacking tools.
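Added example, not taken from the source reports: one way to implement the outbound-volume check from item 1, flagging a host only when its daily egress breaks a per-host median/MAD baseline and a meaningful share goes to destinations outside an allowlist. The function name, thresholds, allowlist and all flow records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

MB = 1024 * 1024

# Constructed flow summaries: (day, internal host, destination IP, bytes sent out).
# Addresses are from documentation ranges; none of this is data from the incident.
FLOWS = [
    (1, "fs01", "203.0.113.10", 180 * MB), (1, "ws17", "198.51.100.7", 40 * MB),
    (2, "fs01", "203.0.113.10", 210 * MB), (2, "ws17", "198.51.100.7", 55 * MB),
    (3, "fs01", "203.0.113.10", 195 * MB), (3, "ws17", "198.51.100.7", 35 * MB),
    (4, "fs01", "203.0.113.10", 205 * MB), (4, "ws17", "198.51.100.7", 50 * MB),
    (5, "fs01", "203.0.113.10", 200 * MB), (5, "ws17", "198.51.100.7", 45 * MB),
    (5, "fs01", "192.0.2.44", 9000 * MB),  # large upload to a never-seen host
    (5, "ws17", "192.0.2.80", 3 * MB),     # new destination, but tiny
]
KNOWN_DESTINATIONS = {"203.0.113.10", "198.51.100.7"}  # assumed allowlist


def flag_outbound_anomalies(flows, day, known, k=6.0, min_unknown=500 * MB):
    """Return {host: (total_bytes, unknown_bytes, threshold)} for hosts whose
    outbound volume on `day` exceeds median + k*MAD of earlier days AND that
    sent at least `min_unknown` bytes to destinations outside `known`."""
    total = defaultdict(lambda: defaultdict(int))  # host -> day -> bytes
    unknown = defaultdict(int)                     # host -> bytes on `day`
    for d, host, dest, nbytes in flows:
        total[host][d] += nbytes
        if d == day and dest not in known:
            unknown[host] += nbytes
    flagged = {}
    for host, per_day in total.items():
        history = [b for d, b in per_day.items() if d < day]
        if len(history) < 3:  # too little baseline to judge this host
            continue
        med = median(history)
        # MAD is robust to one noisy day; fall back to 5% of the median if it is 0.
        mad = median(abs(b - med) for b in history) or 0.05 * med
        threshold = med + k * mad
        today = per_day.get(day, 0)
        if today > threshold and unknown[host] >= min_unknown:
            flagged[host] = (today, unknown[host], threshold)
    return flagged


if __name__ == "__main__":
    hits = flag_outbound_anomalies(FLOWS, 5, KNOWN_DESTINATIONS)
    for host, (today, unk, thr) in hits.items():
        print(f"{host}: {today // MB} MB out, {unk // MB} MB to unknown "
              f"destinations, baseline threshold {thr / MB:.0f} MB")
```

Requiring both conditions keeps a small connection to a new destination (ws17 here) and a large transfer to an allowlisted backup target from raising alerts on their own.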

Detection (for customers like H&M/Adidas):

  1. Supply Chain Intelligence: Subscribe to threat intelligence services that monitor for breaches at key third-party suppliers.
  2. Monitor for Leaked Data: Proactively monitor dark web forums and leak sites for any mention of your company's data, even if you have not been directly breached.

Response:

  • Fulgar has correctly initiated its incident response plan, engaged authorities, and complied with GDPR notification requirements. The next steps involve forensic investigation, remediation, and communicating transparently with affected partners.

Mitigation

For Suppliers (like Fulgar):

  1. Implement Foundational Controls: Ensure robust security basics are in place, including regular patching (M1051 - Update Software), MFA (M1032 - Multi-factor Authentication), and network segmentation.
  2. Immutable Backups: Maintain offline and immutable backups to ensure recovery from a ransomware attack without paying the ransom.

For Customers (like H&M/Adidas):

  1. Third-Party Risk Management (TPRM): Implement a comprehensive TPRM program. This includes rigorous security vetting of all critical suppliers before onboarding and continuous monitoring throughout the relationship.
  2. Security Clauses in Contracts: Embed specific cybersecurity requirements and audit rights into supplier contracts. Require suppliers to maintain a certain level of security maturity and carry cyber insurance.
  3. Zero-Trust Architecture: Adopt a zero-trust mindset for all connections, including those from trusted suppliers. All access should be authenticated, authorized, and encrypted.

Timeline of Events

  1. November 3, 2025: Fulgar S.p.A. confirmed it was the victim of a cyberattack.
  2. November 16, 2025: This article was published.

MITRE ATT&CK Mitigations

Regularly scan for vulnerabilities within the supplier's network to prevent initial compromise.

Segment networks to prevent an attacker from moving from a less secure environment to critical data stores.

Mapped D3FEND Techniques:

Audit (M1047, enterprise)

Implement comprehensive logging and auditing to detect unusual data access and exfiltration.

Mapped D3FEND Techniques:

Article Author

Jason Gomes


• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

RansomHouse, Ransomware, Supply Chain Attack, Fashion Industry, Data Breach, Fulgar
