NetRunnerPR
Intelligence Profile
NetRunnerPR has claimed to breach the networks of Shiraume Hospital and Nippon Medical School Musashi Kosugi Hospital in Japan, exfiltrating patient PII and medical records. The actor announced plans to release a complete database on March 5, 2026, and an additional 20,000 records on February 16, 2026, contingent on undisclosed conditions. The claims were made on a cybercrime forum, accompanied by sample data to validate the breaches. NetRunnerPR's account shows limited activity history and lacks a documented history of major ransomware operations or confirmed breaches, raising questions about the credibility of the claims.
Threat Analysis
NetRunnerPR is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like NetRunnerPR prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, NetRunnerPR is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Known Campaigns
NetRunnerPR is conducting an active ransomware campaign targeting organizations across 0 countries. 6 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 2 Apr 2026).