Quick Summary
Executive Summary
Eggett Tax, a Canadian organization operating within the agriculture and food production sector, has been listed as a victim on the BrainCipher ransomware group’s dark web portal. The listing was published on June 22, 2026, and was identified through SOCRadar’s Dark Web Monitoring service. This incident adds a Canadian target to a leak portal that has shown a focus on both Canadian and UK entities. BrainCipher has been actively targeting the business services, agriculture and food production, and technology sectors, with a geographic concentration in the United Kingdom, Canada, and the United States. Eggett Tax aligns with the group’s secondary sector focus and its strong Canadian targeting pattern.
Technical Analysis
SOCRadar’s analysis indicates that initial-access vectors involving the use of stealer-log-harvested credentials are a common method for ransomware groups like BrainCipher. These credentials are often sourced from underground marketplaces, validated, and then used to gain access to corporate systems such as Microsoft 365, VPNs, or remote-access portals, preceding ransomware deployment. While SOCRadar’s query against their stealer-log telemetry did not return any direct records for eggetttax.ca, this absence of evidence should not be interpreted as confirmation of no compromise. The query is based on a partial, paginated sample, and credentials could be exposed through alternate domains, personal email aliases, or feeds not yet indexed. Therefore, CTI teams should maintain a posture of continuous monitoring and proactive credential hygiene rather than assuming a clean bill of health based on this specific query result.