Quick Summary
Executive Summary
Great Foods, an agriculture and food production company based in Egypt, has been listed as a victim on the Lamashtu ransomware group’s dark web portal, published on June 17, 2026. The listing was identified through SOCRadar’s Dark Web Monitoring service. Lamashtu has targeted the agriculture and food production, manufacturing, and consumer services sectors, with victims concentrated in India, Germany, and Malaysia. Great Foods fits the group’s clear appetite for food-production targets and extends their geographic reach into North Africa.
Technical Analysis
SOCRadar’s stealer-log telemetry revealed exposure for the greatfoods.com.eg domain, including corporate email addresses and credentials for third-party and organizational systems. High-value endpoints identified include corporate Google access, Sophos security management, Fortinet SSO, and the company’s WordPress administrative login. The data spans from late December 2025 to mid-June 2026. Infostealer-harvested credentials are a documented initial access vector for ransomware groups like Lamashtu. While this evidence does not confirm Lamashtu used these specific credentials, the pattern of corporate logins to identity providers and security consoles from compromised endpoints is consistent with typical ransomware kill chains. Recommended actions include credential rotation, mandatory MFA on identity and security infrastructure, and endpoint forensics.