Lenotech Corporation Listed on Tengu Ransomware Group Leak Site in Alleged 136GB Data Breach
Lenotech Corporation, a Philippine-based technology company, has been listed on a darknet leak site operated by the Tengu Ransomware Group, a newly observed ransomware threat actor. The group claims to have exfiltrated approximately 136GB of internal data following an alleged security incident that has not been publicly acknowledged by the company.
The disclosure was posted on a Tor-based data leak platform associated with Tengu, where the group accused Lenotech of failing to respond to outreach attempts regarding the incident.
Based on materials published on the leak site, the threat actor claims access to Lenotech’s internal systems and backups. Visible directory listings and file previews suggest the data may include operational and service-related information. Among the folders and files displayed are:
• Internal directories labeled Graphics, QnEBackup, and RMA Service
• Backup and archive files
• File timestamps dating from August 2025 through November 2025, indicating the data may span several months or reflect historical backups
Preview images uploaded by the group appear to show databases, service logs, internal documentation, and system-generated records, though the complete dataset has not yet been released to the public.
In a message addressed directly to Lenotech’s management, the Tengu Ransomware Group stated:
“We have been awaiting your response for a considerable time, but it appears your IT department has decided to cover up the incident that occurred within your company.”
The group further warned that failure to engage could lead to the public release of confidential company data and project documents, a pressure tactic commonly used in modern ransomware and data extortion campaigns.
The leak site categorizes the data under “Protected Downloads”, accompanied by a countdown timer indicating an unlock date of February 5, 2026. This suggests Lenotech may currently be within an extortion or negotiation window before the alleged data is made publicly accessible.
As of publication, the leak page has registered 682 views, signaling increasing attention from threat intelligence researchers and the wider cybersecurity community.
Lenotech Corporation operates in the Philippine technology sector, offering a range of products and services including computer peripherals, laptops, storage devices, gaming accessories, and dash cameras. The company distributes products from well-known brands such as A4Tech, Lenovo, and Seagate, serving both individual consumers and business clients. Lenotech also provides marketing support and dealer application services.
During verification, the research team confirmed that Lenotech is listed as an Authorized Service Center for Lenovo on Lenovo’s official website. As an authorized service partner, Lenotech is entrusted with performing warranty repairs, diagnostics, and device servicing for Lenovo products.
At the time of writing, Lenotech has not issued a public statement regarding the alleged incident, and there is no evidence suggesting that Lenovo’s corporate network or systems were compromised.
The Tengu Ransomware Group appears to be a newly emerging ransomware operation, with limited public reporting prior to this incident.
This remains a developing story, and updates will follow should additional details, confirmations, or data releases emerge.
