
Kengen

Group: qilin

Discovered by ransomware.live: 2025-08-06

Estimated attack date: 2025-08-06

Country: KE

Description:

Kenya Electricity Generating Company abbreviated to KenGen, is a government enterprise in the Republic of Kenya charged with the production of electricity for the country and around East Africa. KenGen is the largest electric power producer ...


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 75

Compromised Users: 3053

Third Party Employee Credentials: 48


External Attack Surface: 65


Infostealer Distribution


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • ebt-domains Safaricom.co.ke
MX Records
  • kengen-co-ke-1.fortimailcloud.com.
  • kengen-co-ke-2.fortimailcloud.com.
TXT Records
  • v=DKIM1;k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZbZxjewP32DM3Y3tPWMqIXCUwCGFLJwsmOKMMe0+HTMqAuuNq15hWRcJ0abAt9RhMTqkLdauPEiXSz3bsea\010/W50JTMYRnxLJ+uXLZzU1seBNy7KNqKS4GG1OnfR1MkopUh7qpGgiTTcWe4rwbdYIYO1dEd+Em6MojhJX8Nj+Pn\010/xk87WtVVD5sclZmeoAoD" "wgQIM1osEaeKy79gaI9695b7jkfjWb+y4Yy/XFdrDgDcyCils5zRPY0G91KNjE5kb7+TWKl4JxBtsnVS6dZsRQgaNAgGRkjqatQOd/\010t0dcwXC5gMxcCtYV2shx92WovsFVV3yF2TXO7pcvJPPlhzPQIDAQAB
  • v=spf1 +a +mx include:spf.protection.outlook.com include:_spf.fortimailcloud.com ip4:197.248.124.64/27 ip4:197.248.120.246/32 ip4:41.203.208.0/20 ip4:41.203.216.0/21 ip4:41.203.216.0/24 ip4:197.248.0.0/16 ip4:196.201.208.0/20 ip4:196.201.212.0/22 \010ip4:1" "96.201.213.0/24 ip4:197.248.124.68 ip4:154.52.2.149/32 ~all
  • MS=ms37738914
  • google-site-verification=5FhguJUDaR5vCDoLf7ZI4Pqg0mey-av3x8ngBZwzqXo
  • 14Dwelfe0NoXbm7Eawuie9pVl/Ozr5dQBUgw82j7xuwe+43TpSgNeOJ6r3/I1CBVQ05kQdIe+Wfa90hXyoh8Tg==
  • atmosphere-verification=BlWQfuIliG1sgLgQb1K0hkCIUspDbd46g0xK5Nv0eMRDZ7YwLmt8ra1gw1t8C4WkGaYRY97oiksK5p72XZRVSTkM6EExFBckORgG
  • duo_sso_verification=UoLkPpv4Et7XXPdAJLrVdXSnrQnh2Kq5yAruswB5GAhsaI6XoSxTpT1wpxJiCuCm
  • google-site-verification=oCkHdGuhI-_guKZIbV7LEf4OFVOwlDLMqzSia9N9acQ
Cloud / SaaS Services Detected
Cisco Duo

Leak Screenshot: