Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

fgv.br

fgv.br
Group Dragonforce
Discovered 2026-03-02
Est. attack date 2026-03-02
Country BR

Description:

Fundação Getulio Vargas (FGV) is a prestigious educational institution in Brazil, offering a wide range of programs including undergraduate, MBA, master's, and doctoral courses. It serves students, professionals, and organizations, focusing on developing leadership and providing high-quality education. FGV also engages in research and provides technical assistance to both public and private sectors, contributing to national and international debates. Additionally, FGV promotes cultural initiatives and publishes academic works to enhance education and research in the country.
Infostealer activity detected by HudsonRock

Compromised Employees: 151

Compromised Users: 88336

Third Party Employee Credentials: 183

External Attack Surface: 152

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • fgv-br.mail.protection.outlook.com.
TXT Records
  • MS=ms11821374
  • _peuw6bxyzqw3iuay7p2v44nloyzpbut
  • vmware-cloud-verification-914f07e5-c9b9-4ef0-b771-390dbcedd046
  • rnq78t2w6clh5fvjlz0yr85b5mbnvqtb
  • google-site-verification=tdwNsFu6M0cFngGL0QsPn4MYECKCd1GRRzLfebjKmaI
  • SFMC-pIn81NXTNPrczRud9FFSGCkqyWoXrkbxqtl4wCsn
  • d4sign-domain-verification=abd60656-4af4-43c7-802f-fa75f6581f6d
  • SFMC-A1n4cSU66-00qkGdXaxV4ZA5qizEazqQRh9vhzN1
  • v=spf1 ip4:189.125.96.248/28 ip4:200.255.81.248/28 ip4:189.125.96.23 ip4:189.125.96.24 ip4:189.125.96.215 ip4:189.125.96.246 ip4:200.255.81.21 ip4:200.255.81.22 include:a._spf.brightspace.com include:spf.protection.outlook.com -all
  • google-site-verification=jOwIaowvElWCwEaXGP7EuxRDhjDmfpKhzfFsD-oIG24
  • DeL2XJfa1YzATCND92omuo9qXBoOMG80/s2nfR3xM0A=
  • atlassian-sending-domain-verification=dce48094-672b-4fd6-b144-1ceedc7af619
  • wiAsTMQWv5/0kLPUsvraHDzeDRpeVle1hkZbIsZb8ezaasD/De+xKzuet5iwYzRa9EUyhoC5ZgXUrRzyV/akIg==
  • _globalsign-domain-verification=4wYkMfLG-npJgsynad60NF5fC0TdXfoZn-_wJ4Wqer
  • atlassian-domain-verification=IDeWTrb1ckygbflJ9A/g5OG2P8rFsf1XZVSgd3H8cnBSKdtpFuNDWZgrzLB8Aruf
  • atlassian-domain-verification=KYfL4KMeu1mD5wOi2qzFGpmKxxtUgeo8h/J8cO1BYu4ZzZY0sNjwIbrUcu6Fz1jQ
  • google-site-verification=vlXH34AG-kdKF5migFYTgMqboBry2FUqBnePvEh5Y_w
Cloud / SaaS Services Detected
Atlassian Microsoft 365

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.