
Groupe ACTIVA was hacked The most unreliable insurance company in the world has once again

group-activa.com

Group: Alphv
Discovered: 2023-07-26 15:13 UTC
Est. attack date: 2023-04-21
Country: CM
Duplicate Entry
This victim has been identified as a duplicate of another entry in our database. However, this may not always be the case: the same organization can be targeted multiple times by the same or different ransomware groups, which may result in separate legitimate entries.

Description:

Who is Groupe ACTIVA

Created in 1998 by Africans, the ACTIVA Group was born from the desire to build a company operating in an Africa without borders, in compliance with international standards. In about twenty years, our group has become one of the leaders in insurance in Sub-Saharan Africa. We offer a full range of life and non-life insurance products and serve our clients according to the values that make up our identity. We position ourselves as a leader in innovation in our various markets. Over the next three years, our ambition is to consolidate our organic growth while remaining open to potential opportunities.

Headquarters: Rue Prince De Galles, Douala, 12970, Cameroon
Phone Number: +237 233501300
Website: www.group-activa.com
CEO at Groupe ACTIVA: Richard Lowe
LinkedIn: http://www.linkedin.com/company/activa-vie
Facebook: http://www.facebook.com/myactiva

Infostealer activity detected by HudsonRock

Compromised Employees: 2

Compromised Users: 31

Third Party Employee Credentials: 8


External Attack Surface: 22



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@wildwestdomains.com
MX Records
  • aspmx.l.google.com. (Google Workspace)
  • alt1.aspmx.l.google.com. (Google Workspace)
  • alt2.aspmx.l.google.com. (Google Workspace)
  • alt3.aspmx.l.google.com. (Google Workspace)
  • alt4.aspmx.l.google.com. (Google Workspace)
TXT Records
  • v=spf1 include:_spf.google.com ~all
Cloud / SaaS Services Detected
  • Microsoft 365
  • DocuSign
