Ascom Holding AG
Ascom Holding AG
Group: hellcat
Discovered by ransomware.live: 2025-03-16
Estimated attack date: 2025-03-15
Country:
Description:
44GB of sensitive data including internal reports, sales documents, confidential contracts, development tools, and source code stolen from Ascom.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 1
Compromised Users: 12
Third Party Employee Credentials: 3
External Attack Surface: 5
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domainabuse cscglobal.com
MX Records
- mx1.hc1260-33.eu.iphmx.com.
- mx2.hc1260-33.eu.iphmx.com.
TXT Records
- msfpkey=265xbdkeklrm9die4qxkydbyw
- pardot903351=7da41970f3acbea199ce80d360a800dd4c85e35d81827c8e309df69baa66ee19
- r9ldclk5hzt75rgdb41rjz34nvbly89w
- s7p5p706lg3c7smvhl955x57d66fp810
- v=spf1 include:spf1.ascom.com include:spf2.ascom.com include:_spf.afasonline.nl include:_spf.defgo.net include:spf.protection.outlook.com include:aspmx.pardot.com include:spf.crsend.com ip4:91.233.125.0/24 ip4:89.188.72.134 -all
- 81dbbd5c7ae5437e8e6e27c6cd1b0294
- _f3lx0k4o5vh8z171u0st8czckqxwgv2
- cqgzxgqjmftlfr42pd0hsxqkd5ww72hn
- d365mktkey=7mXX5yH9yJR9wtLh2eiQ1C63GV35lyfwhdeDNLtIvrMx
- facebook-domain-verification=x9ckob8a4m3o1q5lcw15wcq3x3wy1z
- google-site-verification=F0SD8TfHn_gFGBB28LjaLdCznNFxR0bw9l9RWlMJO-0
- google-site-verification=dSur9ythO0vSBkI5qax5pmkvoTyCVxzeVO0EmJKdI9w
Cloud / SaaS Services Detected
Salesforce