APT / THREAT GROUP💰 FINANCIALHIGH
B0
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Porthas, this is a ransomware written in Golang, using a time-based kill switch to limit its execution.
Threat Analysis
B0 is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like B0 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, B0 is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Intelligence Reports Mentioning B0
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
The Hacker News· Jul 3, 2026
NetNut proxy network disrupted, 2 million infected devices cut off
BleepingComputer· Jul 3, 2026
Cyber readiness for SMBs: Getting the basics right
ESET Research· Jul 3, 2026
Supreme Court decision threatens EU-US data transfer agreement
The Record· Jul 2, 2026
Fake Google and Cloudflare verification pages spread multiple malware families
Malwarebytes Labs· Jul 2, 2026
Improving security posture across the Microsoft partner ecosystem
Microsoft Security Blog· Jul 2, 2026
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The Hacker News· Jul 2, 2026
FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
SecurityWeek· Jul 2, 2026
External References
Quick Facts
TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Aliases2
Also Known As
B0win.b0
External Intelligence
Malpedia: win.b0Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.