Lee Enterprises

Group: qilin

Discovered by ransomware.live: 2025-02-27

Estimated attack date: 2025-02-27

Country: US

Data exfiltrated: 100 GB

Description:

All data will be published on March 5, 2025. We are preparing to share sensitive data with the public that could shed new light on Lee Enterprises, a prominent newspaper publishing firm active across all U.S. states. The documents we hold ab ...


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 5

Compromised Users: 100

Third Party Employee Credentials: 12


External Attack Surface: 27



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse tucows.com
MX Records
  • mx0a-00292f01.pphosted.com.
  • mx0b-00292f01.pphosted.com.
Cloud / SaaS Services Detected
Adobe, Apple, Atlassian, HubSpot, Microsoft 365, Zendesk, Teamviewer, KnowBe4, Cisco, Cisco Duo, Proofpoint, Zoom
