Best Profil, a prominent Moroccan human resources services provider, has reportedly been breached by the Lynx hacking group, according to a post from threat intelligence firm Hack Manac.
The attackers claim to have stolen 26 GB of sensitive data, including contracts, financial records, and HR documents.
The disclosure, published on June 6, 2025, includes categories marked as Encrypted and Proof, indicating the leak is verified and contains substantial material.
Hack Manac’s report includes a screenshot showing that the stolen files are available for viewing, with an estimated income figure of $10 million tied to the affected data.
This alleged breach adds to a growing list of cyber incidents across North Africa, highlighting the increasing need for robust cybersecurity infrastructure in sectors handling large volumes of personal and financial information.
How Lynx Hacking Group Operates
The Lynx group is not a typical ransomware operator. According to researchers at Group-IB, the group runs a highly structured Ransomware-as-a-Service (RaaS) operation.
Affiliates of Lynx are provided with access to an advanced portal that includes tools for customizing ransomware payloads, managing victims, negotiating ransoms, and publishing stolen data.
Their malware supports multiple platforms — Windows, Linux, and VMware ESXi — and features modular encryption modes, ranging from quick to full encryption.
The ransomware is built using robust cryptographic standards like AES-128 and Curve25519, ensuring maximum damage and resistance to decryption.
Lynx typically gains access via phishing or exploiting vulnerabilities in VPNs. Once inside, the group disables defenses, deletes backups, and encrypts critical files, leaving behind ransom notes with links to negotiation portals hosted on the dark web.
In addition to encrypting data, the group uses double extortion tactics — threatening to leak sensitive files on their dedicated leak site if the victim refuses to pay.
The group also reportedly runs a call center to harass victims and applies psychological pressure to force payment.
Despite their aggressive tactics, Lynx maintains a code of conduct. According to Group-IB, they avoid attacking healthcare institutions, government bodies, churches, and non-profits.
No official response has yet been issued by Best Profil or Moroccan authorities.
About Author
