Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo FHNW

Group: fog

Discovered by ransomware.live: 2025-03-06

Estimated attack date: 2025-03-05

Country: CH

Data exfiltrated: 93 GB

Description:

Extract from The 19 biggest gitlabs

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 23

Compromised Users: 51

Third Party Employee Credentials: 22

External Attack Surface: 103

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • mxnra233.fhnw.ch.
  • mxnra231.fhnw.ch.
  • mxnrb232.fhnw.ch.
TXT Records
  • atlassian-domain-verification=evch7eNGYHYBivsvgA3/ptkIzVWk3RKB9DJu0oXZS7PW2zpEm6BfLnpJxrzcPfM/
  • sendinblue-code:792f857e7345d899d13084c18708491b
  • adobe-idp-site-verification=1d143fda-b50f-43ec-9f89-e15c9a529844
  • cisco-ci-domain-verification=27bf55a32ddc3ed7accce5592e6e180564f44bcb61ef224db16ca0dcb22e0aa8
  • MS=ms86321774
  • n5tVhrKXsB4AfYrFQDI89ZBFipgWiDIqz9tlMROT+JGFpiYbJ3oBZXaDIonhfEDkLcG6D/OPUwuWuL0mRTobLA==
  • jamf-site-verification=ceSub3wgQCjKS5FC9bE4LA
  • v=spf1 include:moderate.f.spf.fhnw.ch include:m1.f.spf.fhnw.ch include:m2.f.spf.fhnw.ch ~all
Cloud / SaaS Services Detected
Adobe Atlassian Microsoft 365 JamF Cisco

Leak Screenshot:

Leak Screenshot