Cactus

Malware updated 8 days ago (2024-08-30T17:18:25.773Z)
Download STIX
Preview STIX
Cactus is a malicious software (malware) that infiltrates systems to exploit and damage them. This malware, often delivered through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or hold data hostage for ransom. Cactus has been used in several high-profile ransomware attacks, including those on OmniVision, Swedish retail and grocery provider Coop, and Schneider Electric. In 2023, Cactus was responsible for a significant data breach at OmniVision, a leading developer of advanced digital imaging solutions. The company disclosed the breach following the attack, which resulted in severe operational disruptions and potential exposure of sensitive information. The Cactus ransomware attack was part of a series of similar incidents involving different strains of malware, including LockBit, Play, RansomHub, Akira, Hunters, and BlackBasta, each accounting for a share of the overall cyber threats. The Cactus ransomware gang was also involved in other notable attacks. They exploited the DanaBot Trojan in malvertising attacks to spread the Cactus ransomware. In addition, they targeted the Swedish retail and grocery provider Coop, causing significant disruption. The most alarming incident involved Schneider Electric, an energy management and industrial automation firm. The Cactus ransomware gang claimed to have stolen 1.5TB of data from the company, demonstrating the extensive reach and potential damage this malware can inflict.
Description last updated: 2024-08-30T17:16:33.537Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Nokoyawa
2
Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Schneider
Vpn
Exploit
Ransom
Vulnerability
Extortion
Data Leak
Malware
Rmm
Exploits
Proxy
Malvertising
Lateral Move...
Antivirus
exploitation
Encryption
Trojan
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
LockbitUnspecified
4
LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
AkiraUnspecified
3
Akira is a malicious software or malware that has been causing significant damage to various organizations and systems worldwide. The ransomware, known for its persistent and harmful attacks, has successfully infiltrated numerous systems, often without the knowledge of the users, disrupting operatio
BlackbastaUnspecified
3
BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information,
Black Bastais related to
2
Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of
ClopUnspecified
2
Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
IDTypeVotesProfile Description
Alphvis related to
3
Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op
Source Document References
Information about the Cactus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
5 days ago
Statistics on PC malware for Q2 2024
InfoSecurity-magazine
8 days ago
Published Vulnerabilities Surge by 43%
Securityaffairs
a month ago
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs
a month ago
security-affairs-malware-newsletter-round-5
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 2
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 1
Securityaffairs
2 months ago
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Checkpoint
3 months ago
27th May – Threat Intelligence Report - Check Point Research
Securityaffairs
3 months ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
OmniVision disclosed a data breach after the 2023 Cactus ransomware attack
Securityaffairs
4 months ago
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading
4 months ago
Thousands of Qlik Sense Servers Open to Cactus Ransomware
Securityaffairs
5 months ago
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
5 months ago
Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 465 by Pierluigi Paganini