South African Airways (flysaa.com)

Group: incransom

Discovered by ransomware.live: 2025-05-16

Estimated attack date: 2025-05-16

Country: ZA

Description:

South African Airways (SAA) is a passenger and freight airline that is owned and operated by the South African government. SAA is a member of the Star Alliance network and is headquartered in Johannesburg, South Africa.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 27

Compromised Users: 819

Third Party Employee Credentials: 26


External Attack Surface: 114


Infostealer Distribution


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • za-smtp-inbound-2.mimecast.co.za.
  • za-smtp-inbound-1.mimecast.co.za.
TXT Records
  • MS=ms63743316
  • apple-domain-verification=bJjclwopgRlRvS3j8dWB86cNraVfcqkdmCvIPZRXnEQ
  • google-site-verification=nFvGhyXNwJTI0lMDTlMgnJPc_5XIh8XQuRWU1vlWVsY
  • v=spf1 include:za._netblocks.mimecast.com include:_spf.enem.nl a:mail.travelnet.co.za include:spf.mandrillapp.com ip4:82.150.225.79 ip4:167.89.94.132 ip4:171.17.133.140 include:SA-spf.email15.net include:spf.mailjet.com include:_relay.amadeus.com -all
  • ZLzVlo5mBIxnBCIYL9uaP9mSgCUCi8YxZJuKQ+l+0HwbVYJUwOT3L5dcSc/h35KVvgomgdYFL4NEclJsTnPflw==
  • google-site-verification=lGbxQK7pOO2uegZEkIGIzx3__s9WPnf4w5PeqjN-lCk
Cloud / SaaS Services Detected
  • Apple
  • Microsoft 365
  • Mandrill
  • Mailjet
  • Mimecast
