The Tengu ransomware group has listed another Moroccan organization, Le Multi Laboratoire LC2A, on its dark web leak site, marking the group’s second known attack against Morocco within a week.
LC2A, a bio-analytical and product testing laboratory, provides online analytical services connecting clients with specialized testing experts. According to the post, the group claims to have exfiltrated internal data from the company’s systems and plans to publish the stolen information after a countdown timer expires.
The listing includes two sample images that appear to show internal spreadsheets and transaction documents, though the total volume of stolen data remains undisclosed.
Tengu Group’s Activity in Morocco
This development follows the recent listing of STAR LÉGUMES, another Moroccan company, by the same ransomware group.
The appearance of two Moroccan organizations within the same week highlights Tengu’s expanding focus on North Africa; the group is potentially exploiting weak security configurations or shared hosting environments among small and mid-sized businesses.
Tengu’s operations surfaced in October 2025, and the group has already listed victims across the United Arab Emirates, Spain, Brazil, Iran, and Morocco, positioning itself as an emerging ransomware actor targeting multiple industries.
Disclaimer: This report is based on open-source intelligence (OSINT) and dark web monitoring. CyHawk Africa has not independently verified the authenticity of the claimed data. The report is intended solely for cybersecurity awareness and situational intelligence purposes.

