French industrial supplier LISI Group confirmed a cybersecurity incident affecting two ancillary sites after the Qilin ransomware gang claimed responsibility. The company said only a limited amount of information was stolen and that core operations and infrastructure were not impacted; however, data samples attributed to Qilin reportedly included internal business documents and sensitive records such as bank-transfer screenshots, bank account details, employee forms, contracts, and partner-related documentation.
Dutch paints and coatings firm AkzoNobel also confirmed a contained intrusion limited to a single U.S. site following a leak attributed to the Anubis ransomware operation. Anubis claimed theft of roughly 170GB (nearly 170,000 files) and published partial leak samples allegedly including confidential client agreements, internal correspondence, passport scans, material testing documents, and technical specification sheets; AkzoNobel stated it is notifying impacted parties and coordinating with authorities. Separately, a BlackFog monthly ransomware roundup reported 82 publicly disclosed ransomware incidents in February 2026 (healthcare most targeted) and highlighted other claimed/extortion cases (e.g., Everest claims involving Hosokawa Micron and Iron Mountain), but it did not provide additional corroboration on the LISI Group or AkzoNobel incidents.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
LISI Group disclosed that two ancillary sites were affected by a cybersecurity incident following Qilin's claims. CEO Emmanuel Viellard said only a limited amount of information was stolen and that operations and infrastructure were not impacted.
AkzoNobel confirmed that hackers breached the network of one of its U.S. sites after the Anubis ransomware gang posted a data leak. The company said the incident was contained, limited to that site, and that it was notifying affected parties and working with authorities.
Over the weekend before March 3, 2026, the Qilin ransomware gang claimed to have targeted French industrial supplier LISI Group. Data samples shared by Qilin indicated exposure of financial and internal business documents.
During 2025, the Anubis operation broadened its affiliate model and introduced a data-wiping capability. This marked an escalation in the group's tooling and business model.
The Anubis ransomware-as-a-service operation began in December 2024. It later expanded its affiliate program and added a data-wiping capability in 2025.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.