APT / THREAT GROUP
Donut
Aliases: 1
Intelligence Profile
S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email [email protected].
Threat Analysis
Donut is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Donut
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
Infosecurity Magazine · May 7, 2026
Donuts and Beagles: Fake Claude site spreads backdoor
Sophos X-Ops · May 6, 2026
Termite ransomware breaches linked to ClickFix CastleRAT attacks
BleepingComputer · Mar 7, 2026
Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th)
SANS ISC · Feb 27, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 1
Also Known As: Donut
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.