Incident Details
- Victim: Avanti Windows & Doors
- Sector: Manufacturing
- Country: US
- Actor: aurora
- Source: http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/avanti-windows-doors-25cc6dc6
- Discovered: 2026-05-12T11:20:59.313304+00:00
- Published: 2026-05-12T00:00:00+00:00
Information
- Plaintext SQL Server SA credentials exposing the master key to the FeneVision ERP database
- Employee SSNs, W-4s, I-9s, and E-Verify records covering the full workforce
- 1099-MISC/INT forms containing contractor and vendor tax details and payment amounts
- Direct deposit authorizations with bank account and routing numbers for payroll-enrolled employees
- More than 24 months of Chase bank statements and 28 months of AMEX corporate card statements
- The complete proprietary pricing algorithm, including FastAPI backend source code and 41+ builder MSAs
- CPA-reviewed financial statements, partnership returns, K-1s, and budget forecasts
- OSHA 300 logs, workers’ compensation audit files, and UHC health insurance invoices
- Attorney-client privileged ADOSH settlement correspondence
- About 80 Windows roaming profiles with desktops, documents, AppData, Outlook files, browser caches, and cached credentials
Disclaimer: This post is based on public claims made by the ransomware group "aurora". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.