Access Group

Group: cicada3301

Discovered by ransomware.live: 2024-06-20

Estimated attack date: 2024-06-19

Country: GB

Description:

The Access Group is headquartered in Leicestershire, United Kingdom, a provider of business software to mid-sized UK organizations. Offering customers across commercial and not-for-profit sectors with productivity and efficiency solutions in the IT field. Providing cloud platforms that assist customers' data to be integrated across core business systems. Downloads: http://cicadacnft7gcgnveb7wjm6pjpjcjcsugogmlrat7u7pcel3iwb7bhyd.onion/access-dataleak


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 25

Third Party Employee Credentials: 8


External Attack Surface: 2



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse register.it
  • whoiscontact names.co.uk
MX Records
  • theaccessgroup-com.mail.protection.outlook.com.
TXT Records
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Microsoft 365
  • Salesforce
  • Marketo
  • Miro
  • LogMeIn
  • Teamviewer
  • Mailgun
  • DocuSign
