APT / THREAT GROUP

DesertBlade

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

According to Microsoft, DesertBlade was used in a limited destructive malware attack in early March 2022 impacting a single Ukrainian entity. DesertBlade is responsible for iteratively overwriting and then deleting the overwritten files on all accessible drives (sparing the system if it is a domain controller).

Threat Analysis

DesertBlade is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

External References

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

win.desertblade
DesertBlade

External Intelligence

Malpedia: win.desertblade

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.