Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo 2GO Group

Group: Thegentlemen

Discovered by ransomware.live: 2025-10-05

Estimated attack date: 2025-10-05

Country: PH

Description:

Stock Symbol 2GO www.2go.com.ph https://www.zoominfo.com/c/2go-group-inc/372139552 https://en.wikipedia.org/wiki/2GO_Group 2GO Group, Inc. (2GO) is a leading Philippine logistics and transportation solutions provider, majority-owned by SM Investments Corp. with Trident Investments as another key shareholder. The company offers a broad range of services including domestic sea freight, passenger travel, courier and parcel delivery, project logistics, freight forwarding, specialized container transport (ISO tanks, temperature-controlled units), express and last-mile delivery, warehousing, inventory management, and nationwide cargo drop-off through retail outlets. As of 2025, 2GO operates a fleet of nine vessels—eight RoRo/RoPax ships and one freighter—linking 19 ports across Luzon, Visayas, and Mindanao, with major operational hubs in Manila, Cebu, Iloilo, Bacolod, and Cagayan de Oro.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 19

Compromised Users: 328

Third Party Employee Credentials: 93

External Attack Surface: 102

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • mxb-00968801.gslb.pphosted.com.
  • mxa-00968801.gslb.pphosted.com.
TXT Records
  • zoho-verification=zb25192475.zmverify.zoho.com
  • v=spf1 ip4:202.126.45.38 include:_spf.sm.com include:spf.protection.outlook.com include:_spf.google.com include:mail.zendesk.com -all
  • google-site-verification=ssk_p7LQmo7qp2qHa-ouCSY_F66wl9vKFIBkE5Lk4es
  • _globalsign-domain-verification=VTjm4O28GPSGvnWFA_JLAr1zugjlPOFtG9JCw6IIlz
Cloud / SaaS Services Detected
Zendesk Zoho Campaigns

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.