hydmech.com
hydmech.com
Group: cactus
Discovered by ransomware.live: 2024-06-24
Estimated attack date: 2024-06-24
Description:
Download link #1: https://***************.onion/HYDMECH/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/HYDMECH/PROOF/DATA DESCRIPTIONS: Engineering data - drawings, r&d, QA, Personal Identification information (passports, DLs, etc.), customer agreements, HR confidential data, executives and employees personal folders, financial statements\payroll, etc.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 3
Third Party Employee Credentials: 0
External Attack Surface: 1
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domainabuse tucows.com
MX Records
- hydmech-com.mail.protection.outlook.com.
TXT Records
- MS=ms64669478
- _globalsign-domain-verification=146pRbhL7zhhb7yDhdSXeD7voHMISdqpMNZZgjfE94
- v=spf1 +a ip4:23.21.109.197 ip4:23.21.109.212 ip4:147.160.167.0/26 ip4:212.77.83.28 ip4:24.114.223.234 ip4:172.96.176.107 a:mail.hydmech.com include:_spf.salesforce.com include:spf.protection.outlook.com include:spf-ca.emailsignatures365.com -all
- google-site-verification=OHP1IHj5iYrMQsknLjfZtcJUUOXmmvx_pigVX9ygHYY
Cloud / SaaS Services Detected
Microsoft 365
Salesforce
Leak Screenshot:
