Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

Naftor and Grupa Pern (Naftoport/ SIARKOPOL/ SARMATIA/ NAFTOSERWIS) is the most dangerous

naftor.pl
Group Alphv
Discovered 2023-11-14 14:29 UTC
Est. attack date 2023-11-14
Country PL

Description:

WARNING! COOPERATION WITH NAFTOR AND GRUPA PERN MAY RESULT IN THE LEAKAGE OF YOUR DATA. THESE COMPANIES DO NOT COMPLY WITH THE LAWS OF THE EUROPEAN UNION AND IN PARTICULAR THE GDPR. YOU MAY INCUR LEGAL AND FINANCIAL RISKS BY WORKING WITH THEM! WE RECOMMEND ALL CLIENTS AND PARTNERS OF GRUPA PERN TO URGENTLY TERMINATE THEIR CONTRACTS AS ALL CONFIDENTIAL DOCUMENTS WILL BE MADE PUBLIC IN THE NEAR FUTURE. THE COMPANY'S VULNERABILITIES HAVE ALREADY BEEN USED TO PENETRATE THE NETWORKS OF PARTNERS AND CLIENTS. ANY CONTACTS WITH THESE ORGANIZATIONS CAN DESTROY YOUR BUSINESS! About Naftor Sp. z o.o. is a PERN S.A. Group company operating in the broadly defined area of security prepared to carry out projects in the field of physical security and technical protection of objects of particular importance for the economic interest of the state as well as conducting specialized training and special projects for government institutions and selected commercial entities. ul. Wał Miedzeszyński 630 03-994 Warszawa tel./fax 22 487 57 87 naftor.pl

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • albioriks.pern.pl.
  • emismg01.pern.pl.
  • emismg02.pern.pl.
  • aegaeon.pern.pl.
TXT Records
  • v=spf1 ip4:194.165.54.171/32 ip4:194.165.54.172/32 ip4:194.165.54.154/32 ip4:194.165.54.155/32 ip4:80.48.190.190/32 ip4:89.161.139.50/32 mx ~all
  • MS=ms43244608
  • dtm-domain-verification=rpYxrWM-nZhRlgClw8Vrow7wb9tIaCrWBBtz-zIrrNM
  • google-site-verification=9Hzlkc-fE5nDYUXu2g1U4nZAo6m-PPhoPY_YeNQOWkk
Cloud / SaaS Services Detected
Microsoft 365

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.