
Discovered 2023-08-22 09:11 UTC
Est. attack date 2023-08-22
Country DE

Description:

*At Heidelberg Materials, we’ve been contributing to progress for 150 years. With more than 51,000 employees at almost 3,000 sites in over 50 countries, we’re one of the world’s largest integrated manufacturers of building materials and solutions with leading market positions in cement, aggregates, and ready-mixed concrete. Our products and services are used in the construction of houses, infrastructure, commercial and industrial facilities.*

*At the centre of our actions lies our responsibility for the environment. We’re front runner on the road to carbon neutrality and circular economy in the building materials industry. We’re working on intelligent and sustainable building materials as well as solutions for the future. We also enable new opportunities for our customers through digitalisation.*

SITE: https://www.heidelbergmaterials.com

Address: Heidelberg Materials AG, Berliner Straße 6, 69120 Heidelberg, Germany

Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 2

Third Party Employee Credentials: 20


External Attack Surface: 2


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse@cscglobal.com
MX Records
  • deumailgw.heidelbergcement.com.
  • usamailgw.heidelbergcement.com.
  • heidelbergmaterials-com.mail.protection.outlook.com. (Microsoft 365)
TXT Records
  • v=spf1 mx a include:spf.heidelbergmaterials.com include:spf.protection.outlook.com include:spf.mebin.hypernode.io a:b.spf.service-now.com a:c.spf.service-now.com a:d.spf.service-now.com -all
Cloud / SaaS Services Detected
  • Adobe
  • Atlassian
  • Microsoft 365
  • Miro
  • KnowBe4
  • ServiceNow
