APT / THREAT GROUP

KadNap

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Black Lotus Labs, KadNap primarily targets Asus routers, conscripting them into a botnet that proxies malicious traffic. It employs a custom version of the Kademlia Distributed Hash Table (DHT) protocol, which is used to conceal the IP address of their infrastructure within a peer-to-peer system to evade traditional network monitoring.

Threat Analysis

KadNap is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning KadNap

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

KadNapelf.kadnap

External Intelligence

Malpedia: elf.kadnap

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.