APT / THREAT GROUP

OrBit

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to stormshield, Orbit is a two-stage malware that appeared in July 2022, discovered by Intezer lab. Acting as a stealer and backdoor on 64-bit Linux systems, it consists of an executable acting as a dropper and a dynamic library.

Threat Analysis

OrBit is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning OrBit

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

OrBitelf.orbit

External Intelligence

Malpedia: elf.orbit

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
OrBit — APT / Threat Group | Threat Intelligence | CTIWATCH.COM