Ministry of Foreign Affairs of Ukraine
Ministry of Foreign Affairs of Ukraine
Group: qilin
Discovered by ransomware.live: 2025-03-06
Estimated attack date: 2025-03-06
Country:
Description:
The data of the Ministry of foreign affairs of Ukraine ended up in our hands. The part of it was sold succesfully. Among the rest data: private correspondence, personal information, decrees etc.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 2
Compromised Users: 2733
Third Party Employee Credentials: 2
External Attack Surface: 103
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- it mfa.gov.ua
MX Records
- mxb-004f6b01.gslb.pphosted.com.
- mxa-004f6b01.gslb.pphosted.com.
TXT Records
- google-site-verification=g_QgFGNHnuer2jvIXdB-lyZXr6OydTQLbpVRrMIuQQU
- ms-domain-verification=69d69fdf-910e-4d97-820e-943b4f69908e
- v=spf1 mx include:spf.protection.outlook.com ip4:212.26.137.15/32 ip4:88.81.238.186/32 include:spf-004f6b01.pphosted.com -all
- _globalsign-domain-verification=CEaVDAdOV9SqxirMHMGAblXzokPYqK6hrT2G4vwevU
- _globalsign-domain-verification=lonu6mJzNnyjUYF03SWIzSvWGbdgo-i_Fd87qkp1Yj
Cloud / SaaS Services Detected
Proofpoint
Leak Screenshot:
