APT / THREAT GROUP💰 FINANCIAL

killsec

1
campaigns
1
aliases

Intelligence Profile

KillSec originated as a hacktivist group aligned with the Anonymous movement before pivoting to ransomware operations in October 2023, officially launching a RaaS platform in June 2024 with an affiliate-friendly 88% revenue split, primarily targeting healthcare, financial services, and government sectors with over 250 documented victims as of late 2025.

Threat Analysis

killsec is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like killsec prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Known Campaigns

Killsec — Active Campaign March 2026

Killsec is conducting an active ransomware campaign targeting organizations across 3 countries. Primary targets: Financial Services, Healthcare. 6 confirmed victims recorded in the last 45 days. Campaign appears to have stalled.

🎯 Financial Services🎯 Healthcare
MEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Aliases1

Also Known As

killsec

DLS Infrastructure

○ OFFLINEkill432ltnkqvaqntbalnsgojqqs2wz4lhnamrqjg66tq6fuvcztilyd.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
killsec — APT / Threat Group | Threat Intelligence | CTIWATCH.COM