APT / THREAT GROUP💰 FINANCIALHIGH
Oni
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Ransomware.
Threat Analysis
Oni is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like Oni prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, Oni is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Intelligence Reports Mentioning Oni
Agentic AI Used to Conduct Ransomware Attack via Langflow
SecurityWeek· Jul 3, 2026
Medtronic Data Breach Impacts 3.8 Million People
SecurityWeek· Jul 3, 2026
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
The Hacker News· Jul 2, 2026
Improving security posture across the Microsoft partner ecosystem
Microsoft Security Blog· Jul 2, 2026
Alleged Scattered Spider hacker extradited to the United States
BleepingComputer· Jul 2, 2026
Medtronic notifies customers impacted by ShinyHunters data breach
BleepingComputer· Jul 2, 2026
Fake Perplexity Chrome extension spies on your searches
Malwarebytes Labs· Jul 1, 2026
ChocoPoc malware delivered via trojanized exploits on GitHub
BleepingComputer· Jul 1, 2026
External References
Quick Facts
TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Aliases2
Also Known As
Oniwin.oni
External Intelligence
Malpedia: win.oniResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.