APT / THREAT GROUP

BruteEntry

Aliases: 2
Last seen: May 13, 2026

Intelligence Profile

According to Cisco Talos, BruteEntry is a Go-based ELF malware family used to convert compromised Linux systems, particularly edge devices, into operational relay boxes that perform large-scale credential brute forcing. It consists of a daemon-like agent and an "instrumentor" written in Go that ensures the agent is running, after which the agent registers with a command-and-control server and receives tasking that includes lists of target hosts and service types. BruteEntry uses embedded credential lists to systematically attempt logins against services such as SSH, PostgreSQL databases, and application servers, reporting back detailed results on success or failure. By distributing scanning and brute-force activity across many infected nodes, BruteEntry provides resilient, outsourced access acquisition capabilities for the operator’s broader intrusion campaigns.

Threat Analysis

BruteEntry is tracked as a threat actor of undetermined national origin. Its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

BruteEntry, elf.brute_entry

External Intelligence

Malpedia: elf.brute_entry

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.