Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo North Kitsap School District

Group: nightspire

Discovered by ransomware.live: 2025-05-09

Estimated attack date: 2025-05-06

Country: US

Data exfiltrated: 20MB

Description:

North Kitsap School District (USA)

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 26

Compromised Users: 3

Third Party Employee Credentials: 43

External Attack Surface: 6

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse godaddy.com
MX Records
  • alt3.aspmx.l.google.com.
  • alt4.aspmx.l.google.com.
  • aspmx.l.google.com.
  • alt1.aspmx.l.google.com.
  • alt2.aspmx.l.google.com.
TXT Records
  • google-site-verification=s6d7bSTd84BrtnxLTCVewTLczMpFJDtF3fBZc0Juqdg
  • intersight=0f2421ab8564d4c21735f1b77dd3dc213b3926abdb65fe5d330b642ef7739b2d
  • bw=mOE/ynD+WQTtYuWqhoPUDMH9bVB226q+v1GUmIvx5u/N
  • adobe-idp-site-verification=3ea5691b93d86f564030a7a21f054956aea196c6ef7144e03a2b076cf0b053e0
  • ZOOM_verify_z8mZIL4MTNiZT8aIbkcwQQ
  • google-site-verification=FIxTaYKi8Wkr3dPT3lFU0LdNy8sVWa4luUE09Q-ro8k
  • google-site-verification=uZatqj4zFGNtbyc4w2eO3t7MTNVPYvLfLcDLM-pXwbw
  • 554RGVEcpLWOOWDz8pqC6ETtPWlcp/6h0a8y+ynPDUkYVIQql52pQSJkB1hRsaNoftdBxg06QPRHtn7QkBQABQ==
  • v=spf1 mx a ip4:152.157.6.20 ip4:199.36.164.0/22 ip4:152.157.6.7 ip4:152.157.6.8 ip4:192.206.201.36 ip4:152.157.6.22 ip4:152.157.6.52 ip4:152.157.6.10 ip4:192.207.104.201 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip4:172.217.0" ".0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249" ".80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ip4:192.207.104.202 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/" "36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ip4:152.157.188.223 include:spf.protection.outlook.com include:customerspf.schoolmessenger.com include:bmesend.com ~all
  • MS=ms31110562
Cloud / SaaS Services Detected
Adobe Microsoft 365 Zoom