Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
CRRC Corporation Ltd.

CRRC Corporation Ltd. Vendor Cyber Rating & Cyber Score

crrcgc.cc

CRRC undertakes design, manufacture, testing, commissioning and maintenance of locomotives and rolling stock, including: electric locomotives, diesel-electric and diesel-hydraulic locomotives from 280 kw to 10,000 kw for mainline and shunting duties; high-speed trains of speed over 350 km/h; DMUs and EMUs for urban, suburban and regional transport; trams and light rail vehicles; metro cars and passenger coaches; as well as full line of freight wagons, such as covered wagons; open-top wagons for coal, ore, steel and timber; hopper wagons for grain, ore, fertilizer; flat wagons; double-deck container flat wagons; tank wagons for all types of liquid and chemicals; tipper wagons, schnabel and depressed center wagons, as well as track machinery.


CCL A.I CyberSecurity Scoring

CCL
Company Information
Website:https://www.crrcgc.cc/en
Employees number:381
Number of followers:34,151
NAICS:3365
Industry Type:Railroad Equipment Manufacturing
Homepage:crrcgc.cc
CCL Risk Score (AI oriented)
Between 650 and 699
logo
CCLRailroad Equipment Manufacturing
Updated:
18/03/2026
695/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CCL Global Score (TPRM)
xxxx
logo
CCLRailroad Equipment Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CCL
CCLWeak
Current Score
695B (WEAK)
01000
1 incidents
-57 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
699Before Incident
JUNE 2026
699Before Incident
MAY 2026
697Before Incident
APRIL 2026
697Before Incident
MARCH 2026
696Before Incident
FEBRUARY 2026
694Before Incident
JANUARY 2026
749Before Incident
Breach
06 Jan 2026CCL
CRRC MA, K3G and Australian NBN: Dozens of Major Data Breaches Linked to Single Threat Actor

Zestix/Sentap Initial Access Broker Campaign

692After Incident
CRITICAL-57
CRRTESAUS1767704662
Cybersecurity Alert: Threat Actor Zestix/Sentap Exploits Stolen Credentials in Major Data Breaches A threat actor known as Zestix—also linked to the online persona Sentap—has been identified as an initial access broker (IAB) behind multiple high-profile data breaches, according to cybersecurity firm Hudson Rock. Active since late 2024–early 2025, Zestix’s operations trace back to Sentap’s activities dating to 2021, with both personas leveraging stolen credentials to infiltrate enterprise networks. ### Attack Method & Victim Profile Zestix/Sentap targets organizations across aerospace, government infrastructure, legal, robotics, and defense sectors, exploiting credentials harvested from information stealers like RedLine, Lumma, and Vidar. These credentials—some freshly stolen, others lingering in logs for years—were used to breach file-transfer services such as ShareFile, OwnCloud, and Nextcloud, often due to missing multi-factor authentication (MFA). The actor has successfully compromised systems roughly 50 times, exfiltrating data for sale on Russian-language hacker forums or auctioning access to the networks themselves. ### Notable Breaches & Financial Impact Zestix has claimed responsibility for large-scale breaches, including: - Iberia (Spanish flag carrier) – 77 GB of data, listed for $150,000 - Pickett & Associates (engineering firm for energy orgs) - Intecro Robotics (aerospace/defense equipment) - Maida Health (Brazilian military police contractor) - CRRC MA (rolling stock manufacturer) - Pan-Pacific Mechanical (1.04 TB), Bradley R. Tyer & Associates (1.02 TB), and The Providence Group (1 TB) Under the Sentap alias, the actor’s victim list expands further, though Hudson Rock could not confirm all breaches stemmed from infostealer infections. ### Broader Infostealer Threat The incident underscores the persistent risk of information stealers, which Hudson Rock warns have exposed credentials for thousands of organizations using ShareFile, OwnCloud, and Nextcloud, including Deloitte, Honeywell, KPMG, Samsung, and Walmart. These attacks thrive on malware-as-a-service (MaaS), enabling even unskilled actors to deploy stealers that exfiltrate data in minutes before self-deleting, leaving minimal forensic traces. The commodification of cybercrime—where stolen credentials fuel credential stuffing, identity theft, and fraud—continues to drive large-scale breaches, with no immediate solution in sight.
INCIDENT DETAILS -
TYPE
Data BreachInitial Access Broker (IAB) ActivityRansomware
MOTIVATION
Financial gainData exfiltration and saleInitial access brokerage
IMPACT
Data Compromised: 77 GB (Iberia), 1.04 TB (Pan-Pacific Mechanical), 1.02 TB (Bradley R. Tyer & Associates), 1 TB (The Providence Group), 306 GB (Australian NBN), 275 GB (UrbanX.io), and othersShareFileOwnCloudNextcloudEnterprise networksOperational Impact: Unauthorized access to sensitive file repositories, data exfiltration, and potential ransomware deploymentBrand Reputation Impact: High (public disclosure of breaches, data sales on dark web)Identity Theft Risk: High (PII exposure)
DATA BREACH
CredentialsSensitive filesPersonally Identifiable Information (PII)Sensitivity Of Data: High (corporate, military, healthcare, and infrastructure data)
DECEMBER 2025
749Before Incident
NOVEMBER 2025
749Before Incident
OCTOBER 2025
749Before Incident
SEPTEMBER 2025
749Before Incident
AUGUST 2025
749Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CCL ?
?
What was CCL's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CCL's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CCL's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CCL's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CCL's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CCL's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CCL's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CCL's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CCL's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CCL's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CCL's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CCL's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CCL ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CCL's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?