AkzoNobel U.S. Site Hit by Cyberattack, Company Confirms

▼ Summary
– AkzoNobel confirmed a security breach at one of its U.S. sites, which has been contained with limited impact.
– The Anubis ransomware gang claims to have stolen 170GB of data, including confidential agreements and personal information.
– The leaked data is currently partial and includes sensitive documents like passport scans and internal technical specifications.
– AkzoNobel has not disclosed whether it engaged with the hackers but is notifying affected parties and authorities.
– Anubis is a ransomware service that launched in late 2024 and has since expanded its capabilities, including a data wiper.
A major paints and coatings corporation has confirmed a cybersecurity breach at one of its facilities in the United States. AkzoNobel, the Dutch multinational behind well-known brands like Dulux and Sikkens, stated that the incident was identified and successfully contained at the affected site. The company, which operates globally with over 35,000 employees, emphasized that the impact appears limited and that it is taking steps to notify any affected parties while cooperating with authorities.
The confirmation came after the Anubis ransomware gang listed the company on its data leak site, claiming responsibility for the attack. The cybercriminals allege they stole approximately 170 gigabytes of data, comprising nearly 170,000 files. As proof, they published samples including screenshots of sensitive documents and a comprehensive list of the purportedly stolen information.
!Anubis ransomware leak site listing for AkzoNobel
The leaked samples contain a significant volume of confidential material. This includes private agreements with major clients, internal technical specifications, material testing documents, and a range of personal data such as employee passport scans, email addresses, and phone numbers. The presence of private email correspondence within the leak further underscores the sensitivity of the compromised information.
At this stage, the leak appears to be only partial. The company has not disclosed whether it engaged in any negotiations with the threat actors behind the attack. Anubis ransomware operates as a Ransomware-as-a-Service (RaaS) platform, which emerged in late 2024. Its business model offers affiliates a large share of any ransom payments, incentivizing widespread attacks. The group gained further traction in the cybercriminal community in early 2025 by launching an affiliate program on a prominent hacking forum.
The threat posed by this group escalated in mid-2025 when its operators integrated a data wiper into their toolkit. This malicious tool is designed to permanently destroy files on a victim’s systems, making data recovery exceptionally difficult and increasing the pressure on targeted organizations to meet ransom demands. The containment of the AkzoNobel incident suggests the company’s security measures may have prevented the deployment of such destructive payloads in this case.
(Source: Bleeping Computer)





