Nova Ransomware Claims KPMG Netherlands Data Breach
Nova, an active ransomware operation, has reportedly claimed a major accounting firm in the Netherlands as its latest victim.
The breach was discovered and indexed by Ransomware.live on January 23, 2026, with the estimated attack date coinciding with the discovery date.
The attackers claim to have exfiltrated sensitive data and have issued a 10-day ultimatum for contact and ransom negotiation.
Incident Overview
KPMG, one of the world’s leading professional services firms, provides comprehensive audit, tax, and advisory services to major global organizations.
The firm’s Netherlands division handles sensitive client data spanning financial services, compliance, and enterprise operations.
This targeting aligns with Nova’s established pattern of pursuing high-profile corporations in the professional services and financial sectors.
Nova has emerged as a significant threat actor in the ransomware landscape.
According to threat intelligence data, the group operates multiple command-and-control (C2) infrastructure elements on the Tor network.
Analysis of publicly available indicators reveals Nova maintains a distributed leak infrastructure across multiple onion domains.
The group operates using uvicorn-based servers, indicating a standardized backend deployment.
Network defenders should block identified onion infrastructure and monitor for lateral movement patterns consistent with ransomware deployment.
Immediate incident response protocols should be activated if any Nova-related artifacts are detected in network logs.
KPMG has not issued public confirmation of the breach at this time.
Clients and stakeholders are advised to monitor official communications for detailed impact assessment and remediation timelines.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


