Lamashtu, first tracked in May 2026, has claimed six victims in the past thirty days, with activity accelerating through mid-June and a noticeable shift in sector and geographic focus relative to its early profile. The group's initial claims spanned French, Romanian, and Thai targets in energy, pharmaceuticals, and film, but recent claimed victims concentrate in agriculture and food production (Great Foods in Egypt, PatayaFood in Thailand) and manufacturing (Shanpoornam Metals in Malaysia, ROTH-TECHNIK AUSTRIA), suggesting opportunistic targeting across mid-market industrial and commodity-sector firms rather than a fixed vertical strategy. It is not yet confirmed whether Lamashtu deploys file-encrypting malware or operates purely as a data-theft extortion actor; no independent technical analysis has validated encryption capability, and the group's own characterization of its operations should be treated as unverified attacker rhetoric. The duplicate victim entries appearing in the tracker (Great Foods and PatayaFood each listed twice) may reflect staging across multiple leak sites or a reposting pattern common to newer extortion actors attempting to amplify perceived reach.