APT / THREAT GROUP
ZeroAccess
6 aliases
Last seen: Mar 17, 2026
Intelligence Profile
ZeroAccess is a modular botnet that was primarily active around 2012. It has been observed selling fake antivirus software to infected users, performing click fraud and deploying bitcoin miners.
It utilizes both peer-to-peer networking and a centralized C&C, spoofing the HTTP Host header with fake DGA-generated domains to confuse researchers.
While there is no evidence that the malware ever intentionally contacted the DGA-generated domains, faulty middleboxes still caused some requests to be sent to them.
Threat Analysis
ZeroAccess is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations whose primary motivation is unknown.
External References
Quick Facts
Type: APT / Threat Group
Aliases: 6
Also Known As
ZeroAccess, Max++, Smiscer, Sirefef, win.zeroaccess, ZAccess
External Intelligence
Malpedia: win.zeroaccess
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.