The Tengu ransomware group claims to have breached Tahkout Group, a major Algerian conglomerate with extensive operations in the automotive, transport, real estate, and industrial sectors. The group alleges that the company’s IT department attempted to cover up the security incident and has issued a direct threat to leak confidential documents if their demands are not met. The attackers have posted a countdown timer, indicating a deadline for the company to respond before data publication.
According to the actor, 83GB of data was exfiltrated during the attack. The allegedly compromised data includes:
-
Financial and Administrative Records: Files labeled “Comptabilité” (Accounting) and “DLG PAIE” (Payroll).
-
Human Resources Data: Folders named “Ressources Humaines” (HR), “RH,” and “Pointage/POINTAGE FACIAL” (Timekeeping and potentially biometric data).
-
Commercial and Legal Documents: Directories containing “COMMERCIAL,” “Suivi Contrats” (Contract Monitoring), and “PATRIMOINE” (Assets/Property).
-
System and Network Data: Server files including “Active Directory” logs, “Users” directories, and server configurations.
-
Project Documents: Internal archives and project-related files.
