HOMETHREATSCoralRaider
APT / THREAT GROUP💰 FINANCIALHIGH

CoralRaider

🇻🇳Vietnam-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

CoralRaider is a financially motivated threat actor of Vietnamese origin, targeting victims in Asian and Southeast Asian countries since at least 2023. They use the RotBot loader family and XClient stealer to steal victim information, with hardcoded Vietnamese words in their payloads. CoralRaider operates from Hanoi, Vietnam, and uses a Telegram bot as a C2 channel for their malicious campaigns. Their activities include system reconnaissance, data exfiltration, and targeting victims in multiple countries in the region.

Threat Analysis

CoralRaider is a high-sophistication threat actor attributed to Vietnam, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like CoralRaider prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, CoralRaider is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

CoralRaider — Active Operations March 2026

CoralRaider is a financial threat actor attributed to VN. CoralRaider is a financially motivated threat actor of Vietnamese origin, targeting victims in Asian and Southeast Asian countries since at least 2023. They use the RotBot loader family and XClient stealer to steal victim information, with hardcoded Vietnamese words in their payl...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Origin🇻🇳 Vietnam
Aliases1
SourceMalpedia

Also Known As

CoralRaider

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
CoralRaider — APT / Threat Group | Threat Intelligence | CTIWATCH.COM