APT / THREAT GROUP
Velvet Ant
Limited data
Intelligence Profile
[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https://attack.mitre.org/groups/G1047) is associated with complex persistence mechanisms, the targeting of network devices and appliances during operations, and the use of zero day exploits.(Citation: Sygnia VelvetAnt 2024A)(Citation: Sygnia VelvetAnt 2024B)
Threat Analysis
Velvet Ant is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Velvet Ant
In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum
SecurityWeek· Jun 19, 2026
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
The Hacker News· Jun 12, 2026
Quick Facts
TypeAPT / Threat Group
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.