Quick Summary
Alleged
Executive Summary
The ransomware group Settra has allegedly targeted Tour Edge, a US-based company operating in the hospitality and tourism sector. The group listed Tour Edge on its dark web portal on June 30, 2026, as part of a recent surge of attacks against US commercial organizations. This incident was identified through SOCRadar’s Dark Web Monitoring service.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry identified a minor exposure for the touredge.com domain, with four records of consumer and corporate accounts dating from December 2025 to February 2026. While the sample size is small and does not confirm Settra’s direct use of these credentials, the pattern of credential reuse with corporate email addresses is consistent with typical initial access vectors for ransomware groups such as Settra. In that vector, credentials harvested by infostealers are used to gain access to corporate systems via Microsoft 365, VPNs, or remote access portals. CTI teams are advised to rotate exposed credentials, investigate affected endpoints for stealer activity, and implement ongoing credential monitoring.