APT / THREAT GROUP
Xpan
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Malware family tracked by Malpedia. ID: win.xpan
Threat Analysis
Xpan is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Xpan
Gardyn IoT Hub
CISA Alerts· Jul 2, 2026
CubeSpace CW0057 Reaction Wheel
CISA Alerts· Jul 2, 2026
Delta Electronics DVP12SE PLC
CISA Alerts· Jun 30, 2026
Frangoteam FUXA SCADA/HMI
CISA Alerts· Jun 30, 2026
Quantifind Raises $200 Million for AI-Native Risk Intelligence
SecurityWeek· Jun 30, 2026
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
The Hacker News· Jun 29, 2026
Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
Securelist (Kaspersky)· Jun 26, 2026
Delta Electronics DTM Soft
CISA Alerts· Jun 25, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
Xpanwin.xpan
External Intelligence
Malpedia: win.xpanResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.