
Printing giant Lexmark has acknowledged that a reseller's account may have been breached, leading to limited data exposure.
However, the company denied claims by the Babuk2 ransomware group that its systems were compromised, stating that an internal investigation found no evidence of ransomware in its environment.
The announcement follows a March 11, 2025, claim by Babuk2 on its dark web leak site, alleging a ransomware attack against Lexmark. The company's cybersecurity team immediately launched an investigation and, as of March 14, reported no signs of ransomware infiltration. Instead, Lexmark found that Babuk2 had posted a screenshot of a work order from one of its authorized service partners in Europe and a compressed file containing printer diagnostic videos used by service partners. Lexmark traced this data to a single compromised account on a public-facing SFTP service used by its Technical Service Center (TSC).

Lexmark, a well-known global manufacturer of laser printers and imaging solutions, serves businesses and enterprises worldwide. The company provides managed print services and hardware solutions, making it a potential target for cyberattacks, particularly those seeking intellectual property or customer data. While Lexmark has downplayed the severity of the breach, it has committed to further investigating the incident and notifying affected customers or partners if any risks are identified.
The alleged attacker, Babuk2, is a newly observed threat actor that first surfaced in January 2025. According to cybersecurity researchers at GuidePoint Security's Research and Intelligence Team (GRIT), Babuk2 appears to be reusing the name and branding of the defunct Babuk ransomware group, which originally operated in 2021 before its source code was leaked online.
GRIT's analysis suggests that Babuk2 is likely inflating its credibility by recycling victim claims from other ransomware groups, with at least 90% of its listed victims having already been targeted by known cybercriminal organizations such as LockBit, RansomHub, and FunkSec.
While Lexmark has found no evidence of ransomware within its systems, the potential breach of a reseller's account highlights the risks associated with third-party access and public-facing file-sharing services.
Meanwhile, Lexmark has advised customers and partners to contact security@lexmark.com for further inquiries relating to this incident. The company's investigation is ongoing, and updates will be provided if any additional risks are identified.