Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

Adaptavist Group LTD

adaptavist.com
Group Thegentlemen
Discovered 2026-04-08 15:26 UTC
Est. attack date 2026-03-23
Country GB

Description:

Adaptavist Group LTD is a British platinum Atlassian partner and enterprise software developer serving Fortune 500 clients including NASA, Visa, Deutsche Bank, and government organizations. The company's flagship product is ScriptRunner for Atlassian Jira, Confluence, and Bitbucket. Complete infrastructure compromise: source code of all products (ScriptRunner, Salable licensing platform), 484,220 customer records from HubSpot CRM (GDPR violation), 20,000+ legal tickets with 33,000 documents including 2,000 NDAs and contracts, 3TB+ from Nexus repositories (production secrets, Docker images, Helm charts), Kubernetes, OAuth credentials, Snowflake Data Warehouse, Confluence (24,547 pages, 100+GB documentation), production databases. Licensing system compromised enabling product cloning.
Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 48

Third Party Employee Credentials: 2

External Attack Surface: 34

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • trustandsafetysupport.aws.com
MX Records
  • alt1.aspmx.l.google.com. Google Workspace
  • alt2.aspmx.l.google.com. Google Workspace
  • aspmx2.googlemail.com. Google Workspace
  • aspmx3.googlemail.com. Google Workspace
  • aspmx.l.google.com. Google Workspace
TXT Records
  • v=spf1 a:avms-prod-mail1.adaptavist.cloud a:eu-relay1.adaptavist.com a:na-relay1.adaptavist.com a:relay.openair.com include:455061.spf10.hubspotemail.net include:_spf.google.com include:shops.shopify.com ~all
  • google-site-verification=DIGyGOMHdjelXZP7ddJXbpE8gWX6iVgu6WRFN-GjOyo
  • miro-verification=c2658feb237be8366c47b5fd6df703a5735e7278
  • amazonses:u3b/GxEA6bGm5ZhACvoG04BdtKTx43YJNY1SL/PfoR4=
  • atlassian-sending-domain-verification=43a140f1-b7e3-46e7-9c56-405d60512aba
  • MS=ms64578630
  • amazonses:90zDB36XJ/H7f9BWWhr1yW2E4PY5PILukn9jI/N+Mz8=
  • google-site-verification=uI5AoLJOsoawwi4MMUYsOPbvkdoJoEsHtO1XOSEcsb8
  • g7j9lgqfu5jjdmrgqtt8ecncp9
  • apple-domain-verification=sKc4WuDUDLCKhLPT
  • hibp-verify=dweb_38pa29rxhn02qvln3i6mbv6v
  • google-site-verification=2o0nJVRrHcFlSYpKw4JOdK5MmAOUQLIFY7nP1KjHMtM
  • google-site-verification=XaqlwK7XdQT3SuARVAL4-8bT1gN-4nxeSvMSXc70aVE
  • loom-verification=2623388275
  • 123-reg-verification=tjuiekih277n8nbfbios98f417
  • google-site-verification=pDZKF8M0CR2m5v-cjnpPUiAiVysgYKotI8f4Pui32sc
  • docker-verification=461fdb98-187d-43ce-8086-49066918951a
  • facebook-domain-verification=feo3t5flmrxod5gvu97qluvy97813s
  • atlassian-domain-verification=DEefhVFsTuEG99+Qr7AAec-TFqTLz7tD5US8hm1te32xFZXEY8y8yH0VLdqXh/kT
  • google-site-verification=ERtkPy1B4zNuUBuI5nytuokQW60yP6sHds_FhKDo0JY
  • hcp-domain-verification=8e0f7f4be27df4d1a422379185301184bc252d05d59ae12fd00a49c62f7e8264
  • atlassian-domain-verification=0H/De//zzdpDQ6vqjcTlwaAle/YQdoWNmByHp1p9BjtCtEayKehFDIP4mEM/OSJW
  • google-site-verification=zPkkue5X3SF31WI5Y8hn0F9iv5MrZxIQuO9CvmaBYC4
  • count-okta-JdSYKWY06wJ1oic7XRIKM
  • atlassian-domain-verification=/s42lzK6bCVPWdeaCtqTlBkd5uclasKUBxCy6pb0ACluKKpCW54oaJdaraCDhuDW
Cloud / SaaS Services Detected
Apple Atlassian Amazon SES/WorkMail Docker HubSpot Microsoft 365 Shopify Miro

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.