on-us Data Breach

Alleged

Ransomware claim involving on-us.

Published: Jun 30, 2026
Threat Level
High
Confidence: High

Quick Summary

Alleged
Company
on-us
Industry
Business Services
Date of Incident
Jun 30, 2026

Executive Summary

SOCRadar’s Dark Web Monitoring service identified on-us, an organization based in Hong Kong, as a victim of the Gunra ransomware group. The listing appeared on Gunra’s dark web portal on June 30, 2026. While a specific sector was not detailed for on-us, Gunra has historically targeted the business services, financial services, and transportation and logistics sectors. This particular listing of on-us marks a geographically diverse entry for Gunra, whose recent victimology has primarily focused on Latin America and Europe.

Technical Analysis

SOCRadar analyzed initial access vectors for on-us by querying its stealer-log telemetry data, which returned no direct matches for on-us.com. However, the absence of a direct hit does not confirm the absence of exposed credentials, as data may be indexed under alternate domains, personal aliases, or reside in datasets not accessed by the query. The methodology employed by ransomware groups like Gunra often involves sourcing credentials from stealer logs obtained on underground marketplaces. These credentials are then used to gain unauthorized access to corporate systems, including Microsoft 365, VPNs, and remote access portals, before deploying ransomware. CTI teams are advised to continue monitoring and implement proactive credential hygiene measures, rather than interpreting a null query as a sign of no compromise.