On March 11, 2025, the Babuk2 threat actor group claimed to have executed a ransomware attack against Lexmark on its dark web leak site. Lexmark’s cybersecurity team promptly initiated an investigation into this claim.
As of March 14, 2025, we have found no evidence to support the presence of ransomware in our environment.
The threat actor shared a screen capture of a work order from one of our authorized service partners in Europe and a file containing compressed videos used by service partners for printer diagnostics. We have determined that this data likely originated from a single compromised account on a restricted, public-facing SFTP service used to share information with our Technical Service Center (TSC).
As we do with any threat like this, we are actively investigating all activities related to this service to identify any potential data compromises. If any customer or partner data is found to be at risk, we will notify the affected parties in accordance with our contractual terms and commitments.
For any additional questions or concerns, please contact us at security@lexmark.com.
Lexmark’s ongoing investigation revealed a security vulnerability in the software, provided by Progress Software, that we use for our secure file transfer service (SFTP). The flaw, now identified as CVE-2025-2324, allowed unauthorized access to download files.
Lexmark’s system had security measures in place to limit access, but the Babuk2 threat actor group exploited the identified vulnerability to bypass those controls.
Progress Software confirmed the vulnerability and released a software update (version 2024.0.8) to repair it.
Lexmark took immediate action to apply this update and resolve the vulnerability on our systems.
We are committed to maintaining the security of our systems and the data entrusted to us. We will continue to monitor our systems closely and take all necessary steps to protect against future incidents.
This site uses cookies for various purposes including enhancing your experience, analytics, and ads. By continuing to browse this site or by clicking "Accept and close", you agree to our use of cookies. For more information, read our Cookies page.