www.francetravail.fr
www.francetravail.fr
Group: Stormous
Discovered by ransomware.live: 2025-10-27
Estimated attack date: 2025-10-27
Country:
Description:
Plaintext authentication credentials (usernames/passwords)-(full names, dates of birth, gender)-(addresses, phone numbers, emails)-Employment history and professional skills-CNI-RIB - Relevé d'Identité Bancair - CDD, CDI, temporary missions - spanning multiple years - Tax documents (Avis d'imposition) - Social security attestations - Training certificates - Work authorization documents and more ....
Compromised Employees: 0
Compromised Users: 14153
Third Party Employee Credentials: 9
External Attack Surface: 57
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
- registrar nameshield.net
- admin-domaines-internet francetravail.fr
- smtp1.francetravail.fr.
- CCADDUZ8ZAI2NIWRHGBJ36MOELQ2Z41MX0AAFVTP
- v=spf1 ip4:185.215.65.0/24 include:spf.prosodie.net -all
- google-site-verification=LAt4YcNtZ8SoYAyCZ31TbyziIKo-CPEH8St1bojCSe8
- google-site-verification=ILeUL71--ZnfG118q_sUk21kB9ukzGxe3UVxUva85ew
- zscaler-verification-32568407-19092025-qmq4gk3ok2
- Dynatrace-site-verification=f712ebae-3394-4f82-a889-d0cd274d3300__ud6u5f2en1o1v97om0g6rsatr
Leak Screenshot:
