Ransomware victim disclosure
← All victimsKhoemacau Copper Mining
Claimed by Avoslocker · listed 4 years ago
Status timeline
- ListedDec 26, 2022
- Data leakeddate unknown
At a glance
- Group
- Avoslocker
- Status
- Data leaked
- Country
- Botswana
- Sector
- Energy & Utilities
- Listed on leak site
- Dec 26, 2022
- Ransom demanded
- $565M
About the victim
AI dossier — public-source company profileKhoemacau Copper Mining is a subsidiary of Cupric Canyon Capital, an American private equity firm, operating an underground copper mine development project in Botswana. The Khoemacau copper project is a high-grade underground mine and represents one of the significant copper developments in southern Africa. In February 2019, the company secured a $565 million project funding package for the mine's development.
- Industry
- Copper Mining & Metals Extraction
- Address
- Botswana
Attack summary
Severity: critical — Full Active Directory domain hash dump has been publicly leaked, exposing NTLM credentials for all domain accounts including service accounts. This enables lateral movement, credential cracking, and full domain compromise; constitutes confirmed exfiltration of sensitive infrastructure authentication data from a critical mining operation. Disclosure status is 'data_published', meaning the data is already publicly available.AvosLocker claims to have exfiltrated and published all Active Directory domain password hashes from Khoemacau Copper Mining's internal domain (kcm.local), including hashes for named user accounts and service accounts such as FortiEMS-svc. The leak post presents NTLM hash credentials for multiple employees as proof of access.
Data the group says was taken
AI dossier — extracted from the leak post- Active Directory domain NTLM password hashes
- Employee account credentials
- Service account credentials (FortiEMS-svc)
- Internal domain user directory (kcm.local)
The group's post references roughly 10 proof files.
What the group claims
ALL Active Directory domain hashes leaked!!! Format: kcm.local\tshiamo.molefe:::13506d75610047a00e0b7692e81f70b2::: kcm.local\mpho.losike:::923a3103e0e13ab8014c9a8354c6337f::: kcm.local\roy.basson:::27f0e2227d44e6b2ac122c25350efd4c::: kcm.local\marius.ungerer:::ba1a5281df2eba76948e8c68aaa9211c::: kcm.local\helga.hugo:::c67c2209034b9537cc07083d842e9f65::: kcm.local\FortiEMS-svc:::975020171cada4be8e8fb655fcf49e4f::: kcm.local\tobokani.mosetlha:::0f9437d2c04e53cf4930a1b7cd50659a::: kcm.local\nikiwe.mahlasela:::83bcee313b6b3bb5d5cd1434128c92e6::: kcm.local\mooketsi.rantape:::e9923a513a6ee1fb4e08251da13993b2::: kcm.local\kuairani.hengari:::3ff04097c34204839ec416b3c1399b8b::: The Khoemacau copper project is an underground mine being developed by American private equity firm Cupric Canyon Capital's subsidiary Khoemacau Copper Mining in Botswana. Khoemacau Copper signed a $565m project funding package deal with Cupric Canyon Capital for the development of the high-grade Khoemacau copper project in February 2019.
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

