RANSOMWARE OPERATION💰 FINANCIAL

alp-001

1
campaigns
1
aliases

Intelligence Profile

alp-001 — tracked by MISP Galaxy (ransomware).

Threat Analysis

alp-001 is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.

Financially motivated threat actors like alp-001 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Known Campaigns

Alp-001 — Active Campaign April 2026

Alp-001 is conducting an active ransomware campaign targeting organizations across 7 countries. Primary targets: Technology, Telecommunication. 15 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 8 Apr 2026).

🎯 Technology🎯 Telecommunication
ACTIVEHIGH2026

External References

Quick Facts

TypeRansomware Operation
Motivation💰 financial
Aliases1

Also Known As

alp-001

DLS Infrastructure

○ OFFLINEb4riuxx7ypobdptctf6lyfcvgi6vn74iurzdh4kn2agbk7472dvywgyd.onion
○ OFFLINEqthem3ogqqixjhhwacto6pqbjfy2vcykdlz7woulnewsrwy4lfjocfqd.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.