APT / THREAT GROUP
First
1
aliases
Intelligence Profile
It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc..
Threat Analysis
First is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning First
In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting
SecurityWeek· Jul 3, 2026
Agentic AI Used to Conduct Ransomware Attack via Langflow
SecurityWeek· Jul 3, 2026
Medtronic Data Breach Impacts 3.8 Million People
SecurityWeek· Jul 3, 2026
Alleged Scattered Spider Hacker Extradited to US
SecurityWeek· Jul 3, 2026
Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
SecurityWeek· Jul 3, 2026
Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution
SecurityWeek· Jul 3, 2026
How We Added WebAuthn to a Browser-Based RDP Client
Palo Alto Unit 42· Jul 2, 2026
Improving security posture across the Microsoft partner ecosystem
Microsoft Security Blog· Jul 2, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases1
Also Known As
First
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.