Go-Ahead Group

go-ahead.com

Discovered 2023-09-26 22:10 UTC
Est. attack date 2023-09-26
Country GB

Description:

Go-Ahead Group plc is a passenger transport company based in Newcastle upon Tyne, England. The majority of its operations are within the United Kingdom, Ireland, Singapore, Norway, and Germany. Go-Ahead diversified into ground handling services at various British airports via the acquisition of Gatwick Handling International, British Midland, and Reed Aviation. It also acquired numerous other British transport companies, including Thames Travel, Carousel Buses, Hedingham, Anglian Bus, and HC Chambers & Son, and was contracted to operate bus and rail services in Germany and Singapore. In January 2023, it was announced that Go-Ahead was expanding into the Australian market via the U-Go Mobility joint venture with the engineering company UFL.

Infostealer activity detected by HudsonRock

Compromised Employees: 12

Compromised Users: 11

Third Party Employee Credentials: 2


External Attack Surface: 19


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse@cscglobal.com
MX Records
  • mxa-005a6401.gslb.pphosted.com. (Proofpoint)
  • mxb-005a6401.gslb.pphosted.com. (Proofpoint)
TXT Records
  • v=spf1 include:spf.protection.outlook.com include:spf-005a6401.pphosted.com include:spf1.go-ahead.com a:c.spf.service-now.com include:eu.rp.oracleemaildelivery.com include:spf_c.oraclecloud.com include:ciphr247.com -all
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Microsoft 365
  • Oracle Cloud
  • ServiceNow
  • Have I Been Pwned
  • Proofpoint
