HOMETHREATSCarmine Tsunami
APT / THREAT GROUP HACKTIVISM

Carmine Tsunami

🇮🇱Israel-attributed
1
campaigns
3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governments for law enforcement purposes, which includes exploits, malware, and infrastructure for data exfiltration from mobile devices. Carmine Tsunami is associated with the iOS malware called KingsPawn and has targeted civil society victims, including journalists, political opposition figures, and NGO workers, in various regions. They utilize domain registrars and inexpensive cloud hosting providers, often using single domains per IP address and deploying free Let's Encrypt SSL certificates.

Threat Analysis

Carmine Tsunami is a known-sophistication threat actor attributed to Israel, engaged in cyber operations with a primary motivation of hacktivism.

As a hacktivist-aligned entity, Carmine Tsunami conducts operations driven by ideological, political, or social grievances, typically through website defacements, DDoS attacks, and the leaking of sensitive data to advance a public narrative.

Known Campaigns

Carmine Tsunami — Active Operations March 2026

Carmine Tsunami is a hacktivism threat actor attributed to IL. Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governments for law enforcement purposes, which includes exploits, malware, and infrastructure for data exfiltration from mobile d...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation hacktivism
Origin🇮🇱 Israel
Aliases3
SourceMalpedia

Also Known As

QuaDreamDEV-0196Carmine Tsunami

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.