APT / THREAT GROUP
Unidentified Linux 001
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Cybereason, these scripts have been used in an ongoing campaign exploiting a widespread vulnerability in the Exim MTA: CVE-2019-10149. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner.
Threat Analysis
Unidentified Linux 001 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
Unidentified Linux 001elf.unidentified_001
External Intelligence
Malpedia: elf.unidentified_001Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.