Ransomware victim disclosure
← All victimsООО «Аудит-Эксперт»
listed as auditexpertnn.ru · Claimed by Lv · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Lv
- Status
- Data leaked
- Country
- Russia
- Sector
- Business Services
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileAudit-Expert is an accounting services firm based in Nizhny Novgorod, Russia, operating since 2004. They provide remote bookkeeping, tax accounting, payroll processing, and business registration/liquidation services to over 1,000 clients across the region.
- Industry
- Accounting & Bookkeeping Services
- Address
- Нижний Новгород, Нижегородская область, Россия
- Founded
- 2004
Attack summary
Severity: high — Confirmed exfiltration of sensitive financial data (banking credentials and client databases) affecting a professional services firm with significant client base. Banking credentials and financial records constitute regulated sensitive information.The Lv group claims to have exfiltrated unprotected client databases and online banking access credentials stored on the company's servers. The threat actor states intention to publish all compromised data to expose the company to its clients.
Data the group says was taken
AI dossier — extracted from the leak post- client databases
- online banking credentials
- client financial records
- accounting documentation
What the group claims
Центр бухгалтерских услуг «АУДИТ-ЭКСПЕРТ» принимает желание заказчика работать эффективно как профессиональный ориентир.Оказывая бухгалтерские услуги удаленно в Нижнем Новгороде и Нижегородской области, специалисты компании «АУДИТ-ЭКСПЕРТ» работают в ваших интересах.Интересно,что базы данных клиентов,находящиеся на серверах компании абсолютно не защищены.Равно как ключи доступа к онлайн банкингам,например.Так или иначе-мы все опубликуем,почему бы клиентам компании не узнать с кем они имеют дело?
Sources
- Victim siteauditexpertnn.ru
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

