APT / THREAT GROUP · 💰 FINANCIAL · HIGH
Void
3 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Ransomware.
Threat Analysis
Void is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like Void prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, Void is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Intelligence Reports Mentioning Void
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
The Hacker News · Jun 29, 2026
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
The Hacker News · Jun 15, 2026
Hacker linked to Void Blizzard faces charges over cyberespionage campaign
The Record · Jun 11, 2026
Travel scams are everywhere. Here’s how to avoid them
Malwarebytes Labs · Jun 4, 2026
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Infosecurity Magazine · May 26, 2026
Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
Trend Micro Research · May 21, 2026
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Microsoft Security Blog · May 12, 2026
Websites with an undefined trust level: avoiding the trap
Securelist (Kaspersky) · May 6, 2026
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Aliases: 3
Also Known As
win.void, Void, VoidCrypt
External Intelligence
Malpedia: win.void
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.