
Garuda Indonesia Airlines

Group: Thegentlemen

Discovered by ransomware.live: 2026-02-21

Estimated attack date: 2023-07-09

Country: ID

Description:

  • garuda-indonesia.com
  • zoominfo.com/c/garuda-indonesia/15630439

Garuda Indonesia is the national flag carrier of Indonesia, founded in 1949 and named after the mythical bird Garuda. The airline is a member of the SkyTeam alliance and is recognized for its "Garuda Indonesia Experience" service, highlighting Indonesian hospitality. It has received numerous accolades, including a 5-star rating from Skytrax, which it has held since 2014. The airline operates flights to over 90 destinations worldwide from its main hubs at Soekarno-Hatta International Airport (Jakarta) and Ngurah Rai International Airport (Bali).

Stock symbol: GIAA.JK


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 200

Compromised Users: 12893

Third Party Employee Credentials: 52


External Attack Surface: 137


Infostealer Distribution


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • garudaindonesia-com01e.mail.protection.outlook.com.
TXT Records
  • DirectFedAuthUrl=https://iam.skyteam.com/app/skyteamiam_entraidtest_1/exk8xe3lgjjqM6UY50x7/sso/saml
  • DirectFedAuthUrl=https://sso.skyteam.com/app/lams_entraidauthentication_1/exki1nw5b7Ankn4wZ417/sso/saml
  • MS=ms65751892
  • fkgy76z9wdcv60qgpd19q3bzfhrl4sds
  • google-site-verification=EIv62RT-VL53gWoTzrJSnh2tAAmQjB1TvShmOUM7_UE
  • google-site-verification=PoXCWQoSz8nx0NH9R_JQPTca1tf9L_1u-0BWlPparno
  • google-site-verification=Vl7TdYz_HbhZEXGU6h43bN6SUsrW1CfB8FmSf_4Qs2A
  • google-site-verification=XJADItGcID49jVV23YYBbRPJxile7H2Lv-HOGO7Z0Hk
  • q654sGjiDr5UUgYJ1/0XL6kzqGcrHrI9k/TkAWEFV1i6+c2XEBqEa7EhKlrzd5j4DnDFYvZOUYhFsu8cngWO1w==
  • v=spf1 mx ip4:82.150.225.79 ip4:171.17.133.140 ip4:203.130.212.0/26 ip4:147.139.160.180 include:_spf.salesforce.com include:spf.protection.outlook.com include:amazonses.com ~all
Cloud / SaaS Services Detected
  • Amazon SES/WorkMail
  • Microsoft 365
  • Salesforce

Leak Screenshot: (image not included in this extract)