Bombardier Recreational Products (BRP)

brp.com

Discovered 2022-08-23 15:15 UTC
Est. attack date 2022-08-23
Country US
Duplicate Entry
This victim has been identified as a duplicate of another entry in our database. However, this may not always be the case: the same organization can be targeted multiple times by the same or different ransomware groups, which may result in separate legitimate entries.

Description:

BRP Inc. is the holding company for Bombardier Recreational Products Inc., operating as BRP, a Canadian manufacturer of snowmobiles, all-terrain vehicles, side by sides, motorcycles, and personal watercraft. It was founded in 2003, when the Recreational Products Division of Bombardier Inc. was spun off and sold to a group of investors consisting of Bain Capital, the Bombardier-Beaudoin family and the Caisse de dépôt et placement du Québec. Bombardier Inc. was founded in 1942 as L'Auto-Neige Bombardier Limitée (Bombardier Snowmobile Limited) by Joseph-Armand Bombardier at Valcourt in the Eastern Townships, Quebec. As of October 6, 2009, BRP had about 5,500 employees; its revenues in 2007 were above US$2.5 billion. BRP has manufacturing facilities in five countries: Canada, the United States (Wisconsin, Illinois, North Carolina, Arkansas, Michigan and Minnesota), Mexico, Finland, and Austria. The company's products are sold in more than 100 countries, some of which have their own direct-sales network. BRP's products include the Ski-Doo and Lynx snowmobiles, Can-Am ATVs and Can-Am motorcycles, Sea-Doo personal watercraft, and Rotax engines. The Ski-Doo was ranked 17th place on CBC Television's The Greatest Canadian Invention in 2007. Confidential agreements, NDAs, personal data, passports, etc.

Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 261

Third Party Employee Credentials: 63


External Attack Surface: 71


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabusecscglobal.com
MX Records
  • smtp.google.com. Google Workspace
TXT Records
  • v=spf1 include:_spf.google.com include:_spf1.brp.com include:_spf2.brp.com include:spf_4.taleo.net exists:%{i}._spf.mta.salesforce.com include:spf.protection.outlook.com include:em.brp.com ~all
Cloud / SaaS Services Detected
Adobe Atlassian Microsoft 365 Slack Cisco OneTrust Zscaler
