HOMETHREATSMora 001
APT / THREAT GROUP💰 FINANCIALHIGH

Mora 001

Internal ID: Mora_001
🇷🇺Russia-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has been observed exploiting CVE-2024-55591 and CVE-2025-24472 vulnerabilities affecting Fortinet devices. The ransom note associated with Mora_001 includes the same TOX ID used by LockBit, indicating a potential affiliation or shared communication channels. Their post-exploitation patterns suggest a structured playbook that differentiates them from other ransomware operators, including LockBit affiliates.

Threat Analysis

Mora 001 is a high-sophistication threat actor attributed to Russia, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like Mora 001 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Mora 001 is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

Mora 001 — Active Operations March 2026

Mora 001 is a financial threat actor attributed to Russia. Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has been observed exploiting CVE-2024-55591 and CVE-2025-24472 vulnerabilities affecting Fortinet devices. The ransom note asso...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Origin🇷🇺 Russia
Aliases1
SourceMalpedia

Also Known As

Mora_001

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.