APT / THREAT GROUP
MimiKatz
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Varonis summarizes Mimikatz as an open-source application that allows users to view and save authentication credentials like Kerberos tickets. Benjamin Delpy continues to lead Mimikatz developments, so the toolset works with the current release of Windows and includes the most up-to-date attacks.
Attackers commonly use Mimikatz to steal credentials and escalate privileges. In most cases, endpoint protection software and anti-virus systems will detect and delete it. Conversely, pentesters use Mimikatz to detect and exploit vulnerabilities in your networks so you can fix them.
Threat Analysis
MimiKatz is profiled as a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning MimiKatz
Defence Impairment Olympics
Huntress Blog · Jun 29, 2026
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
The Hacker News · Mar 9, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
MimiKatz, win.mimikatz
External Intelligence
Malpedia: win.mimikatz
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.