The Rostova Organization group, operating in collaboration with the Vect ransomware group, claims to have breached Usha International Limited, a major consumer durables manufacturing company. The threat actors allege that the company refused to negotiate an extortion demand, prompting them to list the corporate and employee databases for sale on a dark web forum for $10,000 USD.
According to the actor, the allegedly compromised data includes employee reports, Active Directory system hashes, and infrastructure details. The specific data points listed in the leak include:
-
Employee names (first, last, and father/husband name)
-
Demographic details (gender, birth date, blood group, marital status, religion, nationality)
-
Contact information (residence and permanent addresses, personal and employee emails, phone numbers)
-
Employment details (employee codes, IDs, join dates, card numbers, shift details)
-
Government identification (Aadhar card number, PAN number, ESI number, UAN)
-
Financial information (bank name, bank account number)
-
Active directory account details (SamAccountName, NTHash, SID)
