Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

GITHUB INTERNAL

github.com
Group Lapsus$
Discovered 2026-06-13 10:02 UTC
Est. attack date 2026-06-13
Country US

Description:

Everything for the main platform is there. No ransom, we do not care about extorting Github. If no buyer is found, we leak for free.
Infostealer activity detected by HudsonRock

Compromised Employees: 299

Compromised Users: 2504650

Third Party Employee Credentials: 117

External Attack Surface: 135

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • whoisrequestmarkmonitor.com
  • abusecomplaintsmarkmonitor.com
MX Records
  • github-com.mail.protection.outlook.com. Microsoft 365
TXT Records
  • TAILSCALE-xOzoDvFUzZr5YYVCQFuD
  • calendly-site-verification=at0DQARi7IZvJtXQAWhMqpmIzpvoBNF7aam5VKKxP
  • facebook-domain-verification=39xu4jzl7roi7x0n93ldkxjiaarx50
  • adobe-idp-site-verification=b92c9e999aef825edc36e0a3d847d2dbad5b2fc0e05c79ddd7a16139b48ecf4b
  • jamf-site-verification=XtaPNIYghF_e_xRDI8CjgQ
  • MS=ms58704441
  • google-site-verification=UTM-3akMgubp6tQtgEuAkYNYLyYAvpTnnSrDMWoDR3o
  • 00Dd0000000hHE0=1TBKg000000TN2r
  • loom-site-verification=f3787154f1154b7880e720a511ea664d
  • docusign=087098e3-3d46-47b7-9b4e-8a23028154cd
  • google-site-verification=82Le34Flgtd15ojYhHlGF_6g72muSjamlMVThBOJpks
  • v=spf1 ip4:192.30.252.0/22 include:spf.protection.outlook.com include:_netblocks.google.com include:_netblocks2.google.com include:mail.zendesk.com include:_spf.salesforce.com include:servers.mcsv.net include:mktomail.com include:sendgrid.net ip4:62.253.2" "27.114 ip4:166.78.69.169 ip4:166.78.69.170 ip4:166.78.71.131 ~all
  • krisp-domain-verification=ZlyiK7XLhnaoUQb2hpak1PLY7dFkl1WE
  • stripe-verification=f88ef17321660a01bab1660454192e014defa29ba7b8de9633c69d6b4912217f
  • MS=ms44452932
  • apple-domain-verification=RyQhdzTl6Z6x8ZP4
  • MS=6BF03E6AF5CB689E315FB6199603BABF2C88D805
  • miro-verification=d2e174fdb00c71e0bcf58f8e58c3da2dd80dcfa9
  • shopify-verification-code=t1YPwcmvnxZyBycaCpk1MPyWoFs72o
  • atlassian-domain-verification=jjgw98AKv2aeoYFxiL/VFaoyPkn3undEssTRuMg6C/3Fp/iqhkV4HVV7WjYlVeF8
Cloud / SaaS Services Detected
Adobe Apple Atlassian Mailchimp Microsoft 365 Salesforce Stripe Marketo Calendy Miro JamF Zendesk SendGrid DocuSign

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.