Great Foods Data Breach

Alleged

Ransomware claim involving Great Foods.

Published: Jun 17, 2026 Lamashtu
Threat Level
High
Confidence: High

Quick Summary

Company
Great Foods
Industry
Agriculture and Food Production
Threat Actor
Lamashtu
Date of Incident
Jun 17, 2026
Status
Alleged

Executive Summary

Great Foods, an agriculture and food production company based in Egypt, has been listed as a victim on the Lamashtu ransomware group’s dark web portal, published on June 17, 2026. The listing was identified through SOCRadar’s Dark Web Monitoring service. Lamashtu has targeted the agriculture and food production, manufacturing, and consumer services sectors, with victims concentrated in India, Germany, and Malaysia. Great Foods fits the group’s clear appetite for food-production targets and extends their geographic reach into North Africa.

Technical Analysis

SOCRadar’s stealer-log telemetry revealed exposure for the greatfoods.com.eg domain, including corporate email addresses and credentials for third-party and organizational systems. High-value endpoints identified include corporate Google access, Sophos security management, Fortinet SSO, and the company’s WordPress administrative login. The data spans from late December 2025 to mid-June 2026. Infostealer-harvested credentials are a documented initial access vector for ransomware groups like Lamashtu. While this evidence does not confirm Lamashtu used these specific credentials, the pattern of corporate logins to identity providers and security consoles from compromised endpoints is consistent with typical ransomware kill chains. Recommended actions include credential rotation, mandatory MFA on identity and security infrastructure, and endpoint forensics.

Is Your Organization Exposed on the Dark Web?

Enter your company domain to get a free dark web exposure report instantly.