5309

LockBit affiliates targeted Mexico's Federal Mortgage Society (SHF) on 20 January 2026, exfiltrating approximately 277 GB of information and later encrypting systems; the group disclosed the incident on 21 January and set a ransom deadline that expired on 5 February 2026. Initial access was achieved via phishing, abuse of valid accounts, and exploitation of exposed remote services, followed by reconnaissance, lateral movement, exfiltration, and encryption.