APT / THREAT GROUP
SAGE
3
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Malware family tracked by Malpedia. ID: win.sage_ransom
Threat Analysis
SAGE is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning SAGE
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
BleepingComputer· Jul 2, 2026
How to Conduct a Successful Audit of AI-Driven Software Development
SecurityWeek· Jul 2, 2026
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
SecurityWeek· Jun 29, 2026
FBI: Russian hackers now target Signal backup recovery keys
BleepingComputer· Jun 26, 2026
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
The Hacker News· Jun 26, 2026
Russian Intelligence Services Continue to Target Commercial Messaging Applications
CISA Alerts· Jun 26, 2026
Introduction to COM usage by Windows threats
Cisco Talos Blog· Jun 25, 2026
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
The Hacker News· Jun 23, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases3
Also Known As
SagaSAGEwin.sage_ransom
External Intelligence
Malpedia: win.sage_ransomResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.