APT / THREAT GROUP

Rhadamanthys

Aliases: 2
Last seen: Mar 17, 2026

Intelligence Profile

According to PCrisk, Rhadamanthys is a stealer-type malware and, as the name implies, it is designed to extract data from infected machines.

At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.

Threat Analysis

Rhadamanthys is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

win.rhadamanthys, Rhadamanthys

External Intelligence

Malpedia: win.rhadamanthys

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.