Kaefer

Group: everest

Discovered by ransomware.live: 2025-05-08

Estimated attack date: 2025-05-08

Country: GB

Description:

[AI generated] Kaefer is a global company that specializes in providing services in insulation technology, interior outfitting, surface protection, passive fire protection & refractory, and access solutions. Headquartered in Bremen, Germany, the firm operates in various sectors such as industry, offshore, marine, and construction. Established in 1918, Kaefer aims to provide energy efficient solutions and services.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 7

Compromised Users: 15

Third Party Employee Credentials: 44


External Attack Surface: 33



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • kaefer-com.mail.protection.outlook.com.
Cloud / SaaS Services Detected
  • Atlassian
  • Microsoft 365
  • Mailjet
  • DocuSign
