APT / THREAT GROUP

Gnosticplayers

Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

The hacker said that he put up the data for sale mainly because these companies had failed to protect passwords with strong encryption algorithms like bcrypt.

Most of the hashed passwords the hacker put up for sale today can be cracked with various levels of difficulty, but they can be cracked.

"I got upset because I feel no one is learning," the hacker told ZDNet in an online chat earlier today. "I just felt upset at this particular moment, because seeing this lack of security in 2019 is making me angry."

In a conversation with ZDNet last month, the hacker told us he wanted to hack and put up for sale more than one billion records and then retire and disappear with the money.

But in a conversation today, the hacker says this is not his target anymore, as he learned that other hackers have already achieved the same goal before him.

Gnosticplayers also revealed that not all the data he obtained from hacked companies had been put up for sale. Some companies gave in to extortion demands and paid fees so breaches would remain private.

"I came to an agreement with some companies, but the concerned startups won't see their data for sale," he said. "I did it that's why I can't publish the rest of my databases or even name them."

Threat Analysis

Gnosticplayers is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Gnosticplayers — Active Campaign April 2026

Gnosticplayers is conducting an active ransomware campaign targeting organizations across 2 countries. Primary targets: Business Services, Consumer Services. 2 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 4 Apr 2026).

🎯 Business Services | 🎯 Consumer Services
ACTIVE | LOW | 2026

Quick Facts

Type: APT / Threat Group
Aliases: 1
Source: Malpedia

Also Known As

Gnosticplayers

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.