Lexmark Security Advisory: Babuk2 Incident Notice March 11, 2025

On March 11, 2025, the Babuk2 threat actor group claimed to have executed a ransomware attack against Lexmark on its dark web leak site. Lexmark’s cybersecurity team promptly initiated an investigation into this claim. 

As of March 14, 2025, we have found no evidence to support the presence of ransomware in our environment.

The threat actor shared a screen capture of a work order from one of our authorized service partners in Europe and a file containing compressed videos used by service partners for printer diagnostics. We have determined that this data likely originated from a single compromised account on a restricted, public-facing SFTP service used to share information with our Technical Service Center (TSC). 

As we do with any threat like this, we are actively investigating all activities related to this service to identify any potential data compromises. If any customer or partner data is found to be at risk, we will notify the affected parties in accordance with our contractual terms and commitments. 

For any additional questions or concerns, please contact us at security@lexmark.com.

Update (March 24, 2025):

Lexmark’s ongoing investigation revealed a security vulnerability in the software, provided by Progress Software, that we use for our secure file transfer service (SFTP). The flaw, now identified as CVE-2025-2324opens in a new tab, allowed unauthorized access to download files.

Lexmark’s system had security measures in place to limit access, but the Babuk2 threat actor group exploited the identified vulnerability to bypass those controls.

Progress Software confirmed the vulnerability and released a software update (version 2024.0.8opens in a new tab) to repair it.

Lexmark took immediate action to apply this update and resolve the vulnerability on our systems.

We are committed to maintaining the security of our systems and the data entrusted to us. We will continue to monitor our systems closely and take all necessary steps to protect against future incidents.