Group: Ransomhouse
Discovered by ransomware.live: 2024-08-19
Estimated attack date: 2024-08-11
Country:
Description:
Jangho Group Co., Ltd. (hereinafter referred to as “Jangho Group”, “the Company” or “we”, stock code: 601886) is a large multinational corporation listed on the SSE A-share mainboard. Headquartered in Beijing, the Company was established in 1999 and formerly known as Beijing Jangho Curtain Wall Co., Ltd. By upholding the holy mission of “working for human’s living environment and health”, we are devoted to supplying green building system services and high-quality medical health services. The Company has two business sectors, i.e., building decoration and medical health, and has established several world-famous brands such as JANGHO, Sundart, Gangyuan, SLD and Vision. With our business involving more than 20 countries and regions worldwide, we take the lead in such fields as building curtain wall, interior decoration and design, PV building and eye medical treatment.
Infostealer activity detected by HudsonRock
Compromised Employees: 9
Compromised Users: 7
Third Party Employee Credentials: 8
External Attack Surface: 9
DNS Records:
The following DNS records were found for the victim's domain.
- DomainAbuse@service.aliyun.com
- v=spf1 ip4:210.87.247.25 ip4:218.205.146.135 ip4:218.205.146.136 ip4:218.205.146.130 ip4:42.99.128.101 ip4:223.197.179.226 ip4:202.66.31.34 ip4:119.73.176.22 ip4:218.205.146.153 ip4:218.205.146.157 include:spf.icoremail.net -all
- apple-domain-verification=M15orT5JHaXPEOIz
Cloud / SaaS Services Detected
Apple
Legal Disclaimer:
Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession,
hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data.
This platform indexes only publicly visible information posted by ransomware operators and
open web sources without accessing or obtaining the underlying stolen content.
The service is provided to support public awareness, legitimate research, and cyber-resilience.
No stolen personal or confidential data is collected or distributed via this site.