Nova ransomware claim alleges that Textile Testing Services of America (US-based) was targeted via the initial access domain sandox.info, which was linked by the Nova OSINT team to ttsamexico.com and supported the publication of related stolen-data artifacts. It states that the actor will provide a tree and samples from the data to the company through the support department and will correct any false posts, with the impacted country(s) #UnitedStates.
Incident Details
- Victim: Textile Testing Services of America
- Sector: Manufacturing
- Country: US
- Actor: nova
- Source: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/textile-testing-services-of-america
- Discovered: 2026-05-26T19:53:34.014394+00:00
- Published: 2026-05-26T00:00:00+00:00
Information
- Correction following the first post about sandox.info, which was published by an affiliate after receiving the full information.
- The team conducted OSINT and determined that sandox.info was the initial access point (IP 64.76.20.226).
- The full data is related to ttsamexico.com, as confirmed by the Nova OSINT team.
- Publishing the IP will not affect the company, as it is already publicly visible through ping administracion.ttsamexico.com.
- Any false information potentially posted due to misunderstanding will be corrected.
- Nova provided tree and samples from the stolen data to the company after it contacted the support department.
- Nova will oversee the target verification process to ensure accurate post deployment.
Disclaimer: This post is based on public claims made by the ransomware group "nova". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.