{
	"id": "85ca5e21-58dc-4660-95b2-1250f3d0fdde",
	"created_at": "2026-04-06T00:11:27.37271Z",
	"updated_at": "2026-04-10T13:13:06.143536Z",
	"deleted_at": null,
	"sha1_hash": "b72865d8acbcfea43dc9436eceb7783fd4926852",
	"title": "Ransomware gang publishes tens of GBs of internal data from LG and Xerox",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 754576,
	"plain_text": "Ransomware gang publishes tens of GBs of internal data from LG\r\nand Xerox\r\nBy Written by Catalin Cimpanu, ContributorContributor Aug. 3, 2020 at 7:46 p.m. PT\r\nArchived: 2026-04-05 13:50:15 UTC\r\nImage: LG, Simone Hutsch, ZDNet\r\nExecutive guide\r\nThe operators of the Maze ransomware have published today tens of GB of internal data from the networks of\r\nenterprise business giants LG and Xerox following two failed extortion attempts.\r\nThe hackers leaked 50.2 GB they claim to have stolen from LG's internal network, and 25.8 GB of Xerox data.\r\nWhile LG issued a generic statement to ZDNet in June, neither company wanted to talk about the incident in great\r\ndepth today.\r\nBoth of today's leaks have been teased since late June when the operators of the Maze ransomware created entries\r\nfor each of the two companies on their \"leak portal.\"\r\nThe Maze gang is primarily known for its eponymous ransomware string and usually operates by breaching\r\ncorporate networks, stealing sensitive files first, encrypting data second, and demanding a ransom to decrypt files.\r\nIf a victim refuses to pay the fee to decrypt their files and decides to restore from backups, the Maze gang creates\r\nan entry on a \"leak website\" and threatens to publish the victim's sensitive data in a second form ransom/extortion\r\nattempt.\r\nThe victim is then given a few weeks to think over its decision, and if victims don't give in during this second\r\nextortion attempt, the Maze gang will publish files on its portal.\r\nhttps://www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/\r\nPage 1 of 3\n\nLG and Xerox are at this last stage, after apparently refusing to meet the Maze gang's demands.\r\nLG incident and data\r\nZDNet has been tracking both incidents since they've been initially announced on the Maze website in late June.\r\nBased on screenshots shared by the Maze gang last month and by file samples downloaded and 
reviewed by\r\nZDNet today, the data appears to contain source code for the closed-source firmware of various LG products,\r\nsuch as phones and laptops.\r\nIn an email in June, the Maze gang told ZDNet that they did not execute their ransomware on LG's network, but\r\nmerely stole the company's proprietary data and chose to skip to the second phase of their extortion attempts.\r\n\"We decided not to execute [the] Maze [ransomware] because their clients are socially significant and we do not\r\nwant to create disruption for their operations, so we only have exfiltrated the data,\" the Maze gang told ZDNet via\r\na contact form on their leak site.\r\nWhen reached for comment in June, the LG security team told ZDNet they would look into the incident and\r\nreport any intrusion to authorities. In a follow-up email sent today, after the Maze gang published more than 50\r\nGB of the company's files, the security team deflected our request for comment towards its communications team.\r\nWhen we reached out to the communications team, our email bounced, similar to what happened in June.\r\nXerox incident and data\r\nBut while we have somewhat of an idea of what happened with the Maze attack on LG, things are a lot murkier\r\nwhen it comes to Xerox.\r\nThe company has not returned requests for comment sent in June and today.\r\nIt is unclear what internal systems the Maze gang encrypted, or if files were stolen and ransomed without\r\nencryption, similar to the LG incident.\r\nBased on a cursory review of data leaked online today, it appears that the Maze gang has stolen data related to\r\ncustomer support operations. 
At the time of writing, we found information related to Xerox employees; however,\r\nwe have not yet found files holding data on Xerox customers -- although this is a large trove of information and\r\nreviewing all of it will take time.\r\nCitrix point of entry?\r\nIn an interview with threat intelligence company Bad Packets in June, Troy Mursch, the company's co-founder,\r\ntold ZDNet that both companies ran Citrix ADC servers that at one point or another were left unpatched and\r\nvulnerable online -- according to his company's internet scans.\r\nThe servers were vulnerable to CVE-2019-19781, which Mursch described as \"Maze's favorite\r\nvector of compromise.\"\r\nIronically, on the same day that the Maze gang leaked LG files on its leak portal, threat intelligence firm Shadow\r\nIntelligence told ZDNet in an email that another hacker was selling access to LG America's research and\r\ndevelopment (R\u0026D) center on a hacking forum.\r\nThe asking price was between $10,000 and $13,000, according to screenshots shared with ZDNet.\r\nSource: https://www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/"
	],
	"report_names": [
		"ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox"
	],
	"threat_actors": [],
	"ts_created_at": 1775434287,
	"ts_updated_at": 1775826786,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b72865d8acbcfea43dc9436eceb7783fd4926852.pdf",
		"text": "https://archive.orkl.eu/b72865d8acbcfea43dc9436eceb7783fd4926852.txt",
		"img": "https://archive.orkl.eu/b72865d8acbcfea43dc9436eceb7783fd4926852.jpg"
	}
}