Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo chfindustries.com

Group: Cactus

Discovered by ransomware.live: 2025-02-24

Estimated attack date: 2025-02-24

Country: US

Description:

<p>Household Goods.<br><br>“Family-run since 2002, CHF is, at its heart, a community of people with a shared passion for enhancing home life. The company weaves that perspective into every aspect of business, from encouraging work-life balance for employees to creating workplace initiatives and charitable giving programs to help foster responsible working conditions, fair compensation, respect for human rights, and environmental stewardship.”<br><br>Website: <a href="https://www.chfindustries.com/">https://www.chfindustries.com/</a><br><br>Revenue : $253.8M<br><br>Address: 1 Park Ave Fl 9, New York City, New York, 10016, United States<br><br>Phone Number: (212) 951-7800<br><br><mark class="marker-yellow"><strong>Download link #1:</strong></mark> <a href="https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/CHFINDUSTRIES/PROOF/">https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/CHFINDUSTRIES/PROOF/</a><br><br><mark class="marker-yellow"><strong>Mirror:</strong></mark> <a href="https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CHFINDUSTRIES/PROOF/">https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CHFINDUSTRIES/PROOF/</a><br><br><mark class="marker-yellow"><strong>DATA DESCRIPTIONS:</strong></mark> Personal identifiable information, corporate confidential documents, contracts\agreements, production docs\drawings\designs, shipping data, employees personal documents, financial data, customer docs, corporate correspondence, etc.</p><p><img src="/uploads/passport_scan_89bc13afc8.png" alt="passport_scan.png"><img src="/uploads/Docs_DI_61000_Nishat_9756836dd9.png" alt="Docs_DI61000_Nishat.png"><img src="/uploads/CONFIDENTIAL_Ci_CLO_Certified_Manufacturing_Partners_08_2024_eff52d31fe.png" alt="CONFIDENTIAL CiCLO Certified Manufacturing Partners 08_2024.png"><img src="/uploads/CHF_Confidentiality_Agreement_f9bbdf919a.png" alt="CHF&nbsp;Confidentiality&nbsp;Agreement.png"><img src="/uploads/2025_Docusign_CHF_Industries_x_CRUSH_1_8_25_7ed81d48e8.png" alt="2025 Docusign_CHF_Industries_x_CRUSH 1.8.25.png"></p>

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 11

Compromised Users: 0

Third Party Employee Credentials: 1

External Attack Surface: 1


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • chfindustries.com.mx4.rcimx.com.
  • chfindustries.com.mx3.rcimx.com.
  • chfindustries.com.mx2.rcimx.com.
  • chfindustries.com.mx1.rcimx.com.
TXT Records
  • v=spf1 a mx ip4:173.226.80.195 ip4:66.6.200.26 ip4:66.6.204.159 ip4:66.6.204.160 ip4:66.6.204.203 ip4:208.80.200.0/21 include:_spf.salesforce.com include:mktomail.com include:spf.protection.outlook.com include:spf.conversica.com ~all
  • klaviyo-site-verification=JY2YBz
  • MS=27A93BB0DB30FE5414B2A1C3DA5FB5BE8FE3179D
  • google-site-verification=xQFouK5zbD3bIG91YeRHtBcL2d0jHGQaJuk9UktCThk
Cloud / SaaS Services Detected
Salesforce Marketo

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.