APT / THREAT GROUP
LOWKEY
3 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Malware family tracked by Malpedia. ID: win.lowkey
Threat Analysis
LOWKEY is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning LOWKEY
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
BleepingComputer · Jun 10, 2026
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
SecurityWeek · May 20, 2026
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
The Hacker News · May 20, 2026
Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer · May 20, 2026
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
The Hacker News · May 18, 2026
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News · May 14, 2026
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
SecurityWeek · May 14, 2026
Windows BitLocker zero-day gives access to protected drives, PoC released
BleepingComputer · May 13, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 3
Also Known As
LOWKEY, win.lowkey, PortReuse
External Intelligence
Malpedia: win.lowkey
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.