APT / THREAT GROUP
Demo
2 aliases
Intelligence Profile
Ransomware only encrypts .jpg files
Threat Analysis
Demo is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Demo
Agentic AI Used to Conduct Ransomware Attack via Langflow
SecurityWeek · Jul 3, 2026
Fake Bug Report Hijacks AI Coding Agents at Scale
Dark Reading · Jun 30, 2026
Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines
SecurityWeek · Jun 29, 2026
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
The Hacker News · Jun 26, 2026
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
SecurityWeek · Jun 22, 2026
French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation
SecurityWeek · Jun 20, 2026
Supply Chain Compromises Impact Nx Console and GitHub Repositories
CISA Alerts · May 28, 2026
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
Cisco Talos Blog · May 28, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
DemoCryptoDemo
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.