APT / THREAT GROUP

Bignosa

🇰🇪 KE-attributed
Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails with disguised Agent Tesla attachments protected by Cassandra Protector. They compromised servers by installing Plesk and RoundCube, connected via SSH and RDP, and used advanced obfuscation methods to evade detection. Bignosa collaborated with another cybercriminal named Gods, who provided advice and assistance in their malicious activities. The actor has been linked to multiple phishing attacks and malware distribution campaigns, showcasing a high level of sophistication in their operations.

Threat Analysis

Bignosa is a known-sophistication threat actor attributed to KE and engaged in cyber operations; its primary motivation is unknown.

Known Campaigns

Bignosa — Active Operations March 2026

Bignosa is an unknown-motivation threat actor attributed to KE. Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails with disguised Agent Tesla attachments protected by Cassandra Protector. They compromised servers by installing Plesk and RoundCube, connected via SSH a...

ACTIVE | MEDIUM | 2026

External References

Quick Facts

Type: APT / Threat Group
Origin: 🇰🇪 KE
Aliases: 1
Source: Malpedia

Also Known As

Bignosa

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.