INC Ransom Claims Energy and Construction Sectors Breach: ACWA Power Saudi Arabia and Larsen & Toubro India Data Leaked 

Summarize with:

ChatGPT Claude.ai Google AI Grok Perplexity

Add as preferred source on Google

The INC Ransom hacking group has listed two major multinational corporations, Saudi Arabia-based ACWA Power and India-based Larsen & Toubro, on their leak site on February 24, 2026. The group claims to have successfully breached the networks of these critical infrastructure entities and published internal documents to substantiate claims.

This is a common double-extortion tactic used to pressure victims into paying ransoms.

Details of the ACWA Power Data Breach and L&T Compromise

The scope of the alleged ACWA Power data breach and Larsen & Toubro cyberattack appears extensive, with the threat actors boasting a cache of 400 GB of data. The leaked proofs indicate the alleged compromise of highly sensitive intellectual property and operational data. 

The exposed datasets reportedly include:

• ISO certifications, 
• detailed technical specifications, 
• proprietary engineering drawings, 
• invoices, 
• project documentation. 

The exfiltration of such granular technical data poses severe risks, potentially exposing critical infrastructure vulnerabilities and trade secrets, but the breach has not been confirmed.

INC Ransom Targeting

The INC Ransom hacking group has a history of targeting high-value enterprises. Security teams in the energy sector are advised to monitor for indicators of compromise (IoCs) associated with INC Ransom and review third-party access controls immediately.

Last month, an INC Ransom backup server security fail enabled 12 American companies to recover their data, and the gang claimed an attack on automotive supplier Yazaki Group in December.

In November 2025, the U.S. CodeRED Emergency Alert System was disabled by a data breach that INC Ransom claimed.

Related

APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe

Ivanti VPN Flaws Exploited by Chinese Hackers Impacting Almost 120 Organizations, Report Says

Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled

CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise

Cornwall Council Data Breach Exposes Unredacted Complainant PIIs

Cyber Job Moves: Security Leadership Expands Across Enterprise and Cyber Vendors

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.

Subscribe for Free

Please enter a valid email address.

Most Popular

APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe

Ivanti VPN Flaws Exploited by Chinese Hackers Impacting Almost 120 Organizations, Report Says

Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled

We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works

CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise

Cornwall Council Data Breach Exposes Unredacted Complainant PIIs

APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe

Ivanti VPN Flaws Exploited by Chinese Hackers Impacting Almost 120 Organizations, Report Says

Spain Detains Two Suspected Anonymous Members for DDoS Attacks: Hacktivist Cell Dismantled

We Tested Windscribe Clear Wi-Fi History Feature on Desktop Apps for Privacy Control - Here is How it Works

CarGurus Data Breach Exposes 12.5 Million User Records in Alleged ShinyHunters Compromise

Cornwall Council Data Breach Exposes Unredacted Complainant PIIs