Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

ancillae.org

ancillae.org

Discovered 2024-04-19 11:27 UTC
Est. attack date 2023-10-09
Duplicate Entry
This victim has been identified as a duplicate of another entry in our database. However, this may not always be the case: the same organization can be targeted multiple times by the same or different ransomware groups, which may result in separate legitimate entries. Search for related entries

Description:

More information in our telegram channel https://t.me/snatch_team Persons responsible for data leakage:kathleen helbig:Treasurer at Ancillae-Assumpta Academy+12155766250+12158851636khelbig@ancillae.orgkathleenhelbig@juno.comhelbig@ancillae.orghttps://www.linkedin.com/in/kathleen-helbig-a0941542;sharon haleyshaley@ancillae.orghttps://www.linkedin.com/in/sharon-haley-4a25b636;jo aloisi:jaloisi@ancillae.orghttps://www.linkedin.com/in/jo-aloisi-6a2b0734;marie boyden:mboyden@ancillae.orghttps://www.linkedin.com/in/marie-boyden-779ab534;diaconis stephanie:Teacher and Religious Education Coordinator at Ancillae-Assumpta Academysdiaconis@ancillae.orghttps://www.linkedin.com/in/diaconis-stephanie-11102b48;Priscilla Donnalley:Third Grade Teacher at Ancillae-Assumpta Academyhttps://www.linkedin.com/in/priscilla-donnalley-26794a81pdonnalley@ancillae.org+12158851636;Eileen Wolpert:Director of Lower School at Ancillae-Assumpta Academyhttps://www.linkedin.com/in/eileen-wolpert-b37b149ewolpert@ancillae.org+12158851636;frank gallo:Facilities Manager at

Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 1

Third Party Employee Credentials: 1


External Attack Surface: 1


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operationsweb.com
MX Records
  • aspmx3.googlemail.com. Google Workspace
  • aspmx.l.google.com. Google Workspace
  • alt1.aspmx.l.google.com. Google Workspace
  • alt2.aspmx.l.google.com. Google Workspace
  • aspmx2.googlemail.com. Google Workspace
TXT Records
  • apple-domain-verification=fkVCJrRveHWsW4HP
  • jamf-site-verification=QVkqZHIq9spymoppMQLicQ
  • v=spf1 include:_spf.google.com include:swiftreach.com ip4:208.43.2.60 ip4:216.162.80.118 ip4:74.125.244.0/22 ip4:205.201.128.0/20 ip4:198.2.128.0/18 ~all
  • MS=ms27930383
  • 662evg2k9418bgc9ui35dcnu9
  • 1rld3g4ebhu1l3ffckkulqhpq0
  • ar24ingdqslok221r3epmt27qe
  • ciikgmi1n9l5mm20s45dkn7o0v
  • v449iagsi71slh0k1jrbm5rhgm
Cloud / SaaS Services Detected
Apple Microsoft 365 JamF

Leak Screenshot:

Leak Screenshot