Tornado Cash

Threat Actor Profile Updated 8 days ago
Tornado Cash is not a hacking group but a cryptocurrency mixer: a set of Ethereum smart contracts that pool deposits of fixed denominations and let the depositor later withdraw to a fresh address, breaking the on-chain link between the source and destination of the funds. It is profiled here as a threat actor because of the role it has played in laundering stolen cryptocurrency; the US Treasury's OFAC sanctioned it in August 2022 on that basis, a few months after sanctioning the Blender mixer.

Recent reporting says the Lazarus Group, the North Korea-linked APT that appears throughout this profile's sources, has returned to using Tornado Cash to launder stolen funds, having shifted to alternatives such as Sinbad after the sanctions. That renewed use is why Tornado Cash deposits and withdrawals remain a signal worth watching in transaction screening.

In May 2024 a Dutch court sentenced one of Tornado Cash's developers to 64 months in prison for money laundering. The conviction does not switch the service off: the core contracts are immutable and cannot be taken down, so the laundering risk persists and continued vigilance is warranted.
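One check a practitioner reading this profile would want is whether addresses in their own transaction data touch a mixer contract, either directly or a few hops away on the deposit or withdrawal side. The following is an added example, not Cybergeist's code and not code from Tornado Cash; the pool addresses and the ledger are constructed placeholders, and in practice `MIXER_CONTRACTS` would be populated from the OFAC SDN list, which enumerates the designated contract addresses.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Transfer:
    tx_hash: str
    src: str
    dst: str
    value_eth: float


@dataclass(frozen=True)
class Exposure:
    direction: str            # "downstream": sends toward a mixer; "upstream": funded by a mixer withdrawal
    hops: int                 # number of transfers on the shortest such path
    tx_path: Tuple[str, ...]  # tx hashes along that path, nearest the screened address first


# Hypothetical placeholder pool addresses (constructed; NOT the real Tornado Cash contracts).
# Load the real set from the OFAC SDN list and refresh it on a schedule.
MIXER_CONTRACTS: Set[str] = {"0xpool01", "0xpool10", "0xpool100"}

# Constructed sample ledger. Left branch: theft -> one hop -> deposit into a pool.
# Right branch: pool pays out to a fresh address that then cashes out at an exchange.
SAMPLE_TRANSFERS: List[Transfer] = [
    Transfer("0xaa01", "0xvictim_hot", "0xthief", 120.0),
    Transfer("0xaa02", "0xthief", "0xhop1", 100.0),
    Transfer("0xaa03", "0xhop1", "0xpool100", 100.0),       # deposit into the pool
    Transfer("0xaa04", "0xpool100", "0xfresh1", 100.0),     # withdrawal to a fresh address
    Transfer("0xaa05", "0xfresh1", "0xexch_deposit", 99.9),
    Transfer("0xaa06", "0xmerchant", "0xcustomer", 0.5),    # unrelated traffic
]


def build_graph(transfers: Iterable[Transfer]):
    """Index transfers by sender (forward) and by receiver (reverse); addresses are case-folded."""
    fwd: Dict[str, List[Transfer]] = defaultdict(list)
    rev: Dict[str, List[Transfer]] = defaultdict(list)
    for t in transfers:
        t = Transfer(t.tx_hash, t.src.lower(), t.dst.lower(), t.value_eth)
        fwd[t.src].append(t)
        rev[t.dst].append(t)
    return fwd, rev


def _shortest_path_to_mixer(start: str, adj: Dict[str, List[Transfer]],
                            step: Callable[[Transfer], str], mixers: Set[str],
                            max_hops: int) -> Optional[List[Transfer]]:
    """BFS from `start` over `adj`; `step(t)` yields the next address along a transfer.
    Returns the first path reaching a mixer contract within `max_hops` transfers, else None."""
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        node, path = queue.popleft()
        if len(path) >= max_hops:
            continue
        for t in adj.get(node, []):
            nxt = step(t)
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt in mixers:
                return path + [t]
            queue.append((nxt, path + [t]))
    return None


def _exposure(address: str, fwd, rev, mixers: Set[str], max_hops: int) -> List[Exposure]:
    found: List[Exposure] = []
    down = _shortest_path_to_mixer(address, fwd, lambda t: t.dst, mixers, max_hops)
    if down:
        found.append(Exposure("downstream", len(down), tuple(t.tx_hash for t in down)))
    up = _shortest_path_to_mixer(address, rev, lambda t: t.src, mixers, max_hops)
    if up:
        found.append(Exposure("upstream", len(up), tuple(t.tx_hash for t in up)))
    return found


def mixer_exposure(address: str, transfers: Iterable[Transfer],
                   mixers: Set[str] = MIXER_CONTRACTS, max_hops: int = 3) -> List[Exposure]:
    """Exposure of one address in both directions; empty list if none within max_hops."""
    fwd, rev = build_graph(transfers)
    return _exposure(address.lower(), fwd, rev, {m.lower() for m in mixers}, max_hops)


def screen_ledger(transfers: List[Transfer], mixers: Set[str] = MIXER_CONTRACTS,
                  max_hops: int = 3) -> Dict[str, List[Exposure]]:
    """Every non-mixer address in the ledger that has mixer exposure, with its shortest paths."""
    fwd, rev = build_graph(transfers)
    mixers = {m.lower() for m in mixers}
    addresses = {a.lower() for t in transfers for a in (t.src, t.dst)} - mixers
    report: Dict[str, List[Exposure]] = {}
    for a in sorted(addresses):
        ex = _exposure(a, fwd, rev, mixers, max_hops)
        if ex:
            report[a] = ex
    return report


if __name__ == "__main__":
    for addr, exposures in screen_ledger(SAMPLE_TRANSFERS).items():
        for e in exposures:
            print(f"{addr}: {e.direction} exposure, {e.hops} hop(s), via {' -> '.join(e.tx_path)}")
```

The hop limit is the knob to tune: at three hops the victim's hot wallet is flagged through the thief and an intermediary, at two it is not. Downstream hits (an address whose funds end up in a pool deposit) and upstream hits (an address funded by a pool withdrawal) are reported separately because they call for different responses, blocking outgoing deposits versus holding incoming funds for review.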
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Lazarus Group (4 votes): The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has had a series of significant cyber-attacks attributed to it over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Laundering
Exploit
Fraud
Phishing
Bitcoin
Cybercrime
Ransomware
Apt
Vulnerability
Korean
Finance
Scam
State Sponso...
Cybercrimes
Government
Scams
Backdoor
Sandbox
Known Exploi...
Chrome
Zero Day
Breachforums
Acrobat
Botnet
Sec
At
Associated Malware
Associations are derived from mentions in the source documents listed at the end of this page. Since most of those documents are weekly roundup newsletters, a family listed here may only have been reported alongside Tornado Cash rather than laundered through it.
Domino (type: Unspecified, 1 vote): Domino is a backdoor and loader first documented by IBM in April 2023 and attributed to former Conti members. The separately reported Domino's India database breach, in which a hacker claimed to be selling a 13 TB dump on the dark web, is an unrelated incident that shares only the name.
Pegasus (type: Unspecified, 1 vote): Pegasus is a highly sophisticated malware developed by the NSO Group, known for its advanced and invasive capabilities. It is classified as mercenary spyware, often used by governments to target individuals such as journalists, political activists, and others of interest. Pegasus is particularly not
Phorpiex (type: Unspecified, 1 vote): Phorpiex is a notorious malware that has been identified as a substantial threat in the cyber landscape. This malicious software, designed to exploit and damage systems, infiltrates unsuspecting users' devices through suspicious downloads, emails, or websites. Once inside, it can cause significant h
LockBit Black (type: Unspecified, 1 vote): LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The
Black Basta (type: Unspecified, 1 vote): Black Basta is a notorious ransomware operation known for its devastating attacks. First emerging in April 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs
Associated Threat Actors
Associations are derived from mentions in the source documents listed at the end of this page.
Blender (type: Unspecified, 3 votes): Blender, a cryptocurrency mixer profiled as a threat actor, has been under scrutiny due to its alleged role in facilitating illegal transactions. Last year, the US imposed sanctions on crypto mixers Tornado Cash and Blender, targeting them as part of a broader
sinbad.io (type: Unspecified, 2 votes): Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a service previously favored by North Korean hackers to obfusca
Sinbad (type: Unspecified, 2 votes): Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, its effectiveness is yet
APT38 (type: Unspecified, 1 vote): APT38, also known as TA444, BlueNoroff, Black Alicanto, Copernicium, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril
Kimsuky (type: Unspecified, 1 vote): Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Tornado Cash profile was read from the documents listed below (source, date indexed, title). This display is limited to 20 results.
Securityaffairs (a day ago): Security Affairs Malware Newsletter - Round 3
Securityaffairs (2 days ago): Security Affairs Malware Newsletter - Round 3
BankInfoSecurity (4 days ago): Cryptohack Roundup: $230M WazirX Exploit in India
Securityaffairs (8 days ago): Security Affairs Malware Newsletter - Round 2
Securityaffairs (16 days ago): Security Affairs Malware Newsletter - Round 1
Securityaffairs (23 days ago): Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (a month ago): Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (a month ago): Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (a month ago): Cryptohack Roundup: Norway Freezes Hacked Ronin Funds
Securityaffairs (2 months ago): Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (2 months ago): Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (2 months ago): Cryptohack Roundup: Thieves Steal $45M; Hacker Returns $71M
Securityaffairs (2 months ago): A Tornado Cash developer has been sentenced to 64 months in prison
BankInfoSecurity (2 months ago): Tornado Cash Developer Sentenced to 5 Years in Prison
Securityaffairs (3 months ago): Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (3 months ago): Cryptohack Roundup: Geosyn Fraud Lawsuit
Securityaffairs (3 months ago): Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (3 months ago): Cryptohack Roundup: First Conviction in Smart Contract Hack
Securityaffairs (3 months ago): Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (3 months ago): Cryptohack Roundup: Google Sues Alleged Crypto App Crooks