RANSOMWARE OPERATION💰 FINANCIAL
alp-001
1
campaigns
1
aliases
Intelligence Profile
alp-001 — tracked by MISP Galaxy (ransomware).
Threat Analysis
alp-001 is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like alp-001 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Known Campaigns
Alp-001 — Active Campaign April 2026
Alp-001 is conducting an active ransomware campaign targeting organizations across 7 countries. Primary targets: Technology, Telecommunication. 15 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 8 Apr 2026).
🎯 Technology🎯 Telecommunication
ACTIVEHIGH2026
External References
Quick Facts
TypeRansomware Operation
Motivation💰 financial
Aliases1
Also Known As
alp-001
DLS Infrastructure
○ OFFLINEb4riuxx7ypobdptctf6lyfcvgi6vn74iurzdh4kn2agbk7472dvywgyd.onion
○ OFFLINEqthem3ogqqixjhhwacto6pqbjfy2vcykdlz7woulnewsrwy4lfjocfqd.onion
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.