Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo conduent.com

Group: safepay

Discovered by ransomware.live: 2025-02-20

Estimated attack date: 2025-01-09

Country: US

Description:

[AI generated] Conduent is a global company specializing in business process services. They provide digital platforms and services for both businesses and governments. Conduent's expertise covers sectors like healthcare, transportation, and financial services among others. Their services aim to improve user experiences, boost operational efficiency and increase client satisfaction. They were formerly a part of Xerox.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 518

Compromised Users: 1182

Third Party Employee Credentials: 310

External Attack Surface: 135


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • mxb-008a4301.gslb.pphosted.com.
  • mxa-008a4301.gslb.pphosted.com.
TXT Records
  • docusign=85f5c4af-fb5a-4aac-8876-02cc111687bd
  • atlassian-domain-verification=GIb04qWVoHC/BEA2IWPJa8QojTO6I+2d7dIEWDYhlaclO1edibLkNVe84EgtVUGa
  • google-site-verification=8EA7VK0LtPQXE5GDsXSDmoAMWDAsvwZPGV3sDQziaPU
  • globalsign-domain-verification=5f78ac84e49d274accdeacb16959fecd
  • sparkpostmail.com
  • globalsign-domain-verification=1FB8427D46A4F8F5EA86F4DE2081D8CE
  • google-gws-recovery-domain-verification=53995563
  • google-site-verification=oAtxG2hWmMqZHo8sh_XHR9EqrE3skOEcQn87K72KnPk
  • v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all
  • globalsign-domain-verification=56fb33d270c719f862332c8735053dc6
  • atlassian-domain-verification=3NgmJ7UXkI4hJH8OtML5MLOLuZnxJg/e9tUTamregqy5cubZVIwiNXzNxK7ZpXN5
  • knowbe4-site-verification=edb4f092b74fa721dd29b9f536c6272a
  • e28GHHzx5FAS8v4Xuan16EURU81tTqS+CHiC3eVwPcgjiUtLBL0+Ej1WxO2knssWSo2GuODsd9cnnIT7Io/RcQ==
  • google-site-verification=ogYY7I7El3zM_E_Qh8paujXIwftygL28uNjndCFtVoc
  • google-site-verification=lF2hFxFR-8VkoU32r-brtO0rcaa_cSVSvYTu1VGTObE
  • HHYf5jdWYV/6nRI2JX/Au8/Tj30A9nqb9oj4jXDLTSJ3MSTgvjkRndRdkwe47wEn3ow2K1vPJq1WT8Ez162zow==
  • docusign=3a2def56-cb55-4b06-b5da-ebf05bc6facd
  • hj-ownership=cowiaUDftED7
  • apple-domain-verification=5DUvdbLISQxt3j09
  • globalsign-domain-verification=d36c1fe88459deb3b85724af4d6da4f7
  • globalsign-domain-verification=9ecc6119a1a33f3a62f27fa5e7cd3b44
  • MS=ms55208253
  • jamf-site-verification=-p8ufGp6nr1FFfTFdbLubA
  • hgDuaJOkrahmtiWeDpRn1zuXvsfvR0f2rStxqHXeLCeRW0cjE5POpemQT3ZIDGluffKvvp4x2r7vAjkY+mkxbg==
  • cisco-ci-domain-verification=22fc9afa97cac549c18bfc6573f31279061607af3a74edaa98b5a4136d8db9cc
Cloud / SaaS Services Detected
Apple Atlassian Microsoft 365 JamF KnowBe4 Cisco DocuSign Proofpoint

Leak Screenshot:

Leak Screenshot