
chfindustries.com

Group: Cactus

Discovered by ransomware.live: 2025-02-24

Estimated attack date: 2025-02-24

Country: US

Description:

Household Goods.

“Family-run since 2002, CHF is, at its heart, a community of people with a shared passion for enhancing home life. The company weaves that perspective into every aspect of business, from encouraging work-life balance for employees to creating workplace initiatives and charitable giving programs to help foster responsible working conditions, fair compensation, respect for human rights, and environmental stewardship.”

Website: https://www.chfindustries.com/

Revenue: $253.8M

Address: 1 Park Ave Fl 9, New York City, New York, 10016, United States

Phone Number: (212) 951-7800

Download link #1: https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/CHFINDUSTRIES/PROOF/

Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CHFINDUSTRIES/PROOF/

DATA DESCRIPTIONS: Personal identifiable information, corporate confidential documents, contracts\agreements, production docs\drawings\designs, shipping data, employees personal documents, financial data, customer docs, corporate correspondence, etc.

[Image: passport_scan.png]
[Image: Docs_DI61000_Nishat.png]
[Image: CONFIDENTIAL CiCLO Certified Manufacturing Partners 08_2024.png]
[Image: CHF Confidentiality Agreement.png]
[Image: 2025 Docusign_CHF_Industries_x_CRUSH 1.8.25.png]


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 11

Compromised Users: 0

Third Party Employee Credentials: 1


External Attack Surface: 1



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • chfindustries.com.mx4.rcimx.com.
  • chfindustries.com.mx2.rcimx.com.
  • chfindustries.com.mx3.rcimx.com.
  • chfindustries.com.mx1.rcimx.com.
TXT Records
  • klaviyo-site-verification=JY2YBz
  • MS=27A93BB0DB30FE5414B2A1C3DA5FB5BE8FE3179D
  • v=spf1 a mx ip4:173.226.80.195 ip4:66.6.200.26 ip4:66.6.204.159 ip4:66.6.204.160 ip4:66.6.204.203 ip4:208.80.200.0/21 include:_spf.salesforce.com include:mktomail.com include:spf.protection.outlook.com include:spf.conversica.com ~all
  • google-site-verification=xQFouK5zbD3bIG91YeRHtBcL2d0jHGQaJuk9UktCThk
Cloud / SaaS Services Detected
  • Salesforce
  • Marketo
