A major accounting firm in the Netherlands has reportedly become the latest victim of Nova, an active ransomware operation.
The breach was discovered and indexed by ransomware live on January 23, 2026, with the estimated attack date coinciding with the discovery date.
The attackers claim to have exfiltrated sensitive data and have issued a 10-day ultimatum for contact and ransom negotiation.
Incident Overview
KPMG, one of the world’s leading professional services firms, provides comprehensive audit, tax, and advisory services to major global organizations.
The firm’s Netherlands division handles sensitive client data spanning financial services, compliance, and enterprise operations.
This targeting aligns with Nova’s established pattern of pursuing high-profile corporations in the professional services and financial sectors. Nova has emerged as a significant threat actor in the ransomware landscape.
According to threat intelligence data, the group operates multiple command-and-control (C2) infrastructure elements on the Tor network.
Analysis of publicly available indicators reveals Nova maintains a distributed leak infrastructure across multiple onion domains.
The group operates using uvicorn-based servers, indicating a standardized backend deployment.
Network defenders should block identified onion infrastructure and monitor for lateral movement patterns consistent with ransomware deployment.
Immediate incident response protocols should be activated if any Nova-related artifacts are detected in network logs. KPMG has not issued public confirmation of the breach at this time.
Clients and stakeholders are advised to monitor official communications for detailed impact assessment and remediation timelines.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
