APT / THREAT GROUP💰 FINANCIAL

frag

1
aliases

Intelligence Profile

Frag is a ransomware group that emerged in late 2024, exploiting a critical Veeam Backup & Replication vulnerability (CVE-2024-40711) to compromise targets in industrial sectors, with blockchain analysis linking it to a shared wallet cluster with the Akira group.

Threat Analysis

frag is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like frag prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Intelligence Reports Mentioning frag

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Aliases1

Also Known As

frag

DLS Infrastructure

○ OFFLINExhvzsaxl3vbio6dg547envq5xgap3pwobtursdvwatdoxextv43kb7id.onion
○ OFFLINE34o4m3f26ucyeddzpf53bksy76wd737nf2fytslovwd3viac3by5chad.onion
○ OFFLINE34o4m3f26ucyeddzpf53bksy76wd737nf2fytslovwd3viac3by5chad.onion
○ OFFLINE34o4m3f26ucyeddzpf53bksy76wd737nf2fytslovwd3viac3by5chad.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
frag — APT / Threat Group | Threat Intelligence | CTIWATCH.COM