TransCore ITS, LLC
TransCore ITS, LLC
Group: crypto24
Discovered by ransomware.live: 2025-07-20
Estimated attack date: 2025-03-31
Country:
Description:
We’ve successfully breached the internal network of TransCore’s Dubai office.Over 200 GB of internal data has been exfiltrated, including in-development source code, full file sets from active and archived client projects, internal financial records, and a massive trove of unprotected customer data — all stored without proper safeguards.The stolen data contains clear violations of multiple NDAs, exposing confidential third-party materials and client information.
Compromised Employees: 0
Compromised Users: 1
Third Party Employee Credentials: 8
External Attack Surface: 6
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
- domain.operations web.com
- transcore-com.mail.protection.outlook.com.
- globalsign-domain-verification=28C71F4CD8F5EB5F75FC10D5AA2AA16E
- MS=ms32461743
- T9leV0zltfvSVJ/aOcjmnejFeFo9tH0IJpHeiWyCOMIrtT5bFs1AaIGBomUChe0C9sF6kxRp9nguTHJgSW3OZA==
- google-site-verification=AUXm_pQ4OXoycjrbt8pEueF5sxr0G3fmso8tfnBQKgE
- _jhno39dzplim9sjka0hdgyv50wzpgfq
- atlassian-domain-verification=pLwLWwbHVEAgoBSIaip8UPaBToboIH1XT8HUcLefl35fDLo36uaJQSXjqlgGZze1
- v=spf1 include:spf.sendinblue.com include:spf.protection.outlook.com include:ultipro.com ip4:198.176.39.81/32 ip4:185.41.28.0/22 ip4:94.143.16.0/21 ip4:185.24.144.0/22 ip4:153.92.224.0/19 ip4:213.32.128.0/18 ip4:185.107.232.0/22 ip4:77.32.128.0/18 ip4:77." "32.192.0/19 ip4:208.64.205.220/32 ip4:208.64.205.134/32 ip4:70.175.226.205/32 ip4:12.16.45.82/32 ip4:50.229.115.242/32 -all
- atlassian-domain-verification=6vvdKPj50j/1FvuD1I0Dd0/WOUw9AHVx25oYhEty7ASLNhmYByTMmFTQLLLNvCkE
- Dynatrace-site-verification=beb3ff0c-45a3-48d4-851c-0d98d3ae2581__8ogutbv06r2icjkg90j2nvogua
- smartsheet-site-validation=jAS8PfRPzOjYVvT6lDwlmNcFdgwv3F6h
- 5h96cqe351ciom97uc7kciklf1
- Sendinblue-code:e55155b5d4857ef583c41fda5800f962