APT / THREAT GROUP
Ebury
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
This payload has been used to compromise kernel.org back in August of 2011 and has hit cPanel Support which in turn, has infected quite a few cPanel servers. It is a credential stealing payload which steals SSH keys, passwords, and potentially other credentials.
This family is part of a wider range of tools which are described in detail in the operation windigo whitepaper by ESET.
Threat Analysis
Ebury is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
elf.eburyEbury
External Intelligence
Malpedia: elf.eburyResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.