Shadow Tier cyber intelligence
Back to overview
Confidence MediumDec 4, 2025bpost.be

bpost Ransomware Attack by TridentLocker

PatternExternal actor · Malware · Availability impact

Belgium's national postal operator bpost was hit by a ransomware attack claimed by the TridentLocker group. The attack resulted in the publication of approximately 30 GB of data on the attackers' leak site, with 5,140 files potentially containing personal and business information. Bpost confirmed the incident was a cybersecurity breach affecting a limited set of data from a third-party software platform. The company stated it took immediate containment measures, engaged cybersecurity experts, and informed relevant authorities.

Signal date
Dec 4, 2025
Updated
Jun 25, 2026
Confidence
Medium
Sources
2 sources
bpost.be logo

Bpost

Domain
bpost.be
Sector
Information
Signals
1 linked
Scan this company

Signal context

First seen: Dec 4, 2025

Last updated: Jun 25, 2026

Status: Public signal

Key points

  • Ransomware attack claimed by TridentLocker.
  • Publication of ~30 GB of data, including 5,140 files.
  • Compromised data from a third-party software platform.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Bpost logo
Bpost

Sector: Information

Likely country: 🇧🇪 Belgium

inferred from company domain

    Estimated
    Threat source
    Malware, Error activity

    Watch ransomware, endpoint compromise and business interruption exposure.

    • Source type: outside the affected organization
    Business impact
    Potential operational disruption

    Impact area: Availability

    Trend context
    29 signals with similar action pattern
    • 26 signals in the same sector
    • 22 signals with the same likely impact area
    • 1 signal linked to this organization/domain
    Mentioned entities
    BpostRansomware AttackTridentLocker BelgiumTridentLockerBpostRansomwareTridentLocker. Publication ofCompromised

    External sources

    Related signals

    Grouped by why the signal is relevant.

    eogb.co.uk logoEogbJun 28, 2026
    Same sectorSame action patternSame impact area

    eogb.co.uk Hit by Stormous Ransomware Group

    eogb.co.uk, a UK-based organization, was claimed as a victim by the Stormous ransomware group. The incident was discovered on June 28, 2026, at 21:29 UTC, with deep access to Microsoft Dynamics GP, internal legal documents, partnership agreements, customer contracts, operational spreadsheets, financial reports, and executive documents.

    lvm.lv logoLvmJun 26, 2026
    Same sectorSame action patternSame impact area

    Latvijas Valsts Mezi (LVM) Suffers Cybersecurity Breach

    Latvia's state-owned company Latvijas Valsts Mezi (LVM) confirmed a cybersecurity breach of its IT systems, reported on June 26, 2026. The incident, discovered around June 22, led to hackers accessing LVM's IT infrastructure. External IT systems, including 'LVM GEO' and the 'Mednis' hunting app, were taken offline, along with some internal communication systems. A foreign ransomware group claimed responsibility for the attack, which raised concerns due to LVM's role in developing an electoral IT platform for Latvia's parliamentary elections.

    atlas-elektronik.com logoAtlas ElektronikJun 25, 2026
    Same action patternSame impact area

    ATLAS ELEKTRONIK GmbH Hit by TheGentlemen Ransomware Attack

    On June 25, 2026, the ransomware group 'TheGentlemen' claimed responsibility for a cyberattack on ATLAS ELEKTRONIK GmbH, a German defense technology company specializing in maritime electronics and naval systems. The group issued an ultimatum, threatening to leak sensitive company data unless negotiations commence. The attack was reported on June 25, 2026, and is being monitored by cybersecurity intelligence platforms.

    microsoft.com logoMicrosoftJun 25, 2026
    Same sectorSame action patternSame impact area

    Malicious 'Edgecution' Extension Exploits Microsoft Edge Native Messaging for Ransomware Deployment

    Security researchers reported on June 25, 2026, the discovery of a new malware campaign dubbed 'Edgecution,' which utilizes a malicious Microsoft Edge extension to deploy ransomware and a Python-based backdoor. The extension abuses the Native Messaging API to escape the browser sandbox and establish a persistent system-level executor. Attackers are reportedly using Microsoft Teams for social engineering, directing victims to fake 'Outlook Updates Management Console' websites to trick them into installing the malicious extension. This campaign is believed to be operated by an Initial Access Broker (IAB) linked to the 'Payout Kings' ransomware operation.

    viennaairport.com logoViennaairportJun 23, 2026
    Same action patternSame impact area

    Vienna Airport Targeted in APT73/Bashe Ransomware Attack

    The ransomware group APT73/Bashe claimed responsibility for a cyberattack against Vienna Airport (Flughafen Wien AG) on June 23, 2026, threatening to leak sensitive data. The airport acknowledged a limited leakage of old cargo-related files from one email inbox but denied a broader system compromise.

    mckaysugar.com.au logoMckaysugarJun 21, 2026
    Same action patternSame impact area

    McKay Sugar Cyber Incident by Gentlemen Ransomware Group

    McKay Sugar, a major Australian sugar producer, suffered a cyber incident that disrupted operations at its Farley and Racecourse Mills. The Gentlemen ransomware group claimed responsibility for the attack around June 15-16, 2026, on their leak site. Public reporting indicated that McKay Sugar was working to verify what data was stolen or accessed. The ransomware group claimed to have stolen over 26 million records containing PII of customers and other internal data. The incident was discussed in public reporting around June 21, 2026.