Quick Summary
Executive Summary
LP Group, a business services company based in Portugal, has been identified as a victim by the Nova ransomware group. The listing appeared on the group’s dark web portal on June 24, 2026, as detected by SOCRadar’s Dark Web Monitoring service. While Nova has a pattern of targeting technology, manufacturing, and education sectors primarily in Peru, the United States, and Spain, LP Group’s inclusion highlights a potential expansion or diversification in their targeting strategy, particularly within the business services sector across Europe.
Technical Analysis
SOCRadar’s analysis found no direct correlation in its stealer-log telemetry for the `lpgroup.pt` domain in the queried period. However, this null result does not confirm that no breach occurred, as credentials could have been harvested via personal email aliases, indexed against different domains, or obtained through threat intelligence feeds not covered by the specific query. The report emphasizes that ransomware groups like Nova commonly use infostealer-harvested credentials obtained from underground marketplaces for initial access. These credentials are used to gain entry into systems such as Microsoft 365, VPNs, or remote-access portals before deploying ransomware. CTI teams are advised to remain vigilant and continue monitoring, treating a null query result with caution rather than as definitive proof of non-compromise. Proactive credential hygiene measures remain essential.