Attack alert: lockbit5 targets graphiquedefrance.com - FR
Introduction
On December 5, 2025, Graphique de France, a French printing company specializing in food and cosmetic packaging, appeared on the ransomware group lockbit5's leaked website. The company, which employs between 50 and 100 people and generates €15 million in revenue, faced a critical threat targeting its sensitive industrial and commercial data. According to our certified analyses, the incident presents an XC SIGNAL criticality level, indicating a potential compromise of strategic data including customer formulas, industrial processes, and HR files. This attack against a player in the French manufacturing sector raises major questions about the protection of trade secrets and regulatory compliance in a context of strengthened obligations related to the NIS2 directive.
The malicious actor lockbit5 operates according to the Ransomware-as-a-Service (RaaS) model, allowing affiliates to deploy its malicious infrastructure in exchange for a commission on ransom payments. This currently active cybercriminal group is pursuing a double extortion strategy, combining system encryption with threats to publish exfiltrated data. The group preferentially targets medium-sized organizations with sensitive digital assets but limited defense capabilities, as evidenced by this attack against Graphique de France. Previous victims of lockbit5 demonstrate technical expertise in exploiting unpatched vulnerabilities and using privilege escalation techniques to compromise IT infrastructures. The RaaS model allows the group to launch multiple attacks simultaneously through a network of paid affiliates, making attribution and neutralization particularly complex for authorities. Publishing the data on their leak site exerts maximum pressure to force victims to pay the ransom quickly before publicly disclosing the compromised information.
Analyse détaillée
→ Full analysis of the lockbit5 group
Founded in 1985, Graphique de France specializes in printing packaging for the food and cosmetics sectors, two highly regulated industries requiring confidentiality and strict compliance. The company, based in France with 50 to 100 employees, generates annual revenue of €15 million thanks to its expertise in customized printing solutions for prestigious clients. Its positioning in the high-end packaging market involves the daily handling of strategic data: clients' proprietary formulas, technical packaging specifications, optimized industrial processes, and sensitive business information. The compromise of these digital assets represents a major risk not only for Graphique de France, but also for its clients, whose trade secrets could be exposed. The organization's IT infrastructure, typical of a French industrial SME, combines production management systems, customer databases, and human resources, creating a large attack surface for malicious actors. Its location in France subjects the company to the obligations of the GDPR and the NIS2 Directive, imposing strict notification deadlines to the authorities in the event of a confirmed breach.
→ Other attacks in the Manufacturing sector
Based on our analysis of the certified data, the incident presents an XC SIGNAL criticality level, the highest in our classification, indicating a likely compromise of highly sensitive data. The potentially exposed information includes proprietary formulas of clients in the food and cosmetics sectors, constituting trade secrets of major strategic value. Graphique de France's optimized industrial processes, developed over four decades of expertise, represent a competitive advantage now threatened by public disclosure. The compromised HR files may contain personal employee data (contracts, salaries, performance reviews) subject to the strict protections of the GDPR, exposing the company to significant regulatory penalties. The precise timeline of the intrusion is still being analyzed, but the appearance of the data on the lockbit5 leak site on December 5, 2025, suggests a recent exfiltration of the data, likely within the preceding weeks. The initial attack vector could involve a targeted phishing email, the exploitation of an unpatched vulnerability in management systems, or the compromise of privileged access credentials. The lack of details on the exact volume of exfiltrated data does not diminish the severity of the incident; the SIGNAL level reflects the critical nature of the compromised information rather than its quantity. The available metadata indicates a level of technical sophistication consistent with the known capabilities of the lockbit5 group, suggesting thorough prior reconnaissance of the target infrastructure.
The French manufacturing sector, representing 13.5% of the national GDP, is becoming a prime target for ransomware groups due to its increasing reliance on digital systems and its generally low cybersecurity maturity. This attack against Graphique de France illustrates the specific risks faced by industrial SMEs: production shutdowns, loss of trade secrets, supply chain disruptions, and reputational damage with demanding customers. The French regulatory framework now imposes strict obligations through the transposition of the NIS2 directive, which came into force in October 2024. This directive subjects manufacturing companies to enhanced security requirements and incident notification within 24 hours. The GDPR adds another layer of constraints with fines of up to 4% of global turnover for negligence in the protection of personal data, potentially amounting to €600,000 for Graphique de France. Past experience in the sector demonstrates a domino effect: the compromise of a subcontractor can expose the data of multiple clients, creating a chain reaction of notifications and incidents. Similar companies must urgently strengthen their security posture, particularly through network segmentation, monitoring of privileged access, and ongoing cybersecurity training for their teams.
Questions Fréquentes
When did the attack by lockbit5 on graphiquedefrance.com occur?
The attack occurred on December 5, 2025 and was claimed by lockbit5. The incident can be tracked directly on the dedicated alert page for graphiquedefrance.com.
Who is the victim of lockbit5?
The victim is graphiquedefrance.com and operates in the manufacturing sector. The company is located in France. Visit graphiquedefrance.com's official website. To learn more about the lockbit5 threat actor and their other attacks, visit their dedicated page.
What is the XC protocol level for the attack on graphiquedefrance.com?
The XC protocol level is currently at XC SIGNAL status, meaning the attack on graphiquedefrance.com has been claimed by lockbit5 but has not yet been confirmed by our community. Follow the progress of this alert.
Conclusion
Thanks to the XC-Audit protocol, this attack is certified on the Polygon blockchain, guaranteeing immutable and verifiable traceability, unlike traditional centralized systems. Each piece of evidence collected (screenshots of the leak site, time-stamped metadata, victim IDs) is hashed and recorded in a publicly accessible distributed ledger for independent validation. This blockchain approach offers a guarantee of temporal integrity: certified data cannot be backdated, modified, or retroactively deleted, ensuring a reliable chronology of events. Victim organizations, security researchers, and authorities can verify the authenticity of information via Polygon transaction identifiers, eliminating doubts about the veracity of reported incidents. This technical transparency radically distinguishes DataInTheDark from traditional intelligence platforms that rely on opaque and unauditable databases. The XC-Audit protocol thus establishes a trusted standard for the CTI ecosystem, enabling strategic decisions based on cryptographically verifiable evidence rather than mere allegations.