APT / THREAT GROUP · 💰 FINANCIAL
orca
1 alias
Intelligence Profile
Orca is a ransomware group that emerged in September 2024, identified as a variant of the Zeppelin malware family, targeting organizations in manufacturing and logistics across Taiwan, Tunisia, Austria, and France, claiming to avoid hospitals, government institutions, and non-profits.
Threat Analysis
orca is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like orca prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning orca
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
The Hacker News · Feb 24, 2026
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Aliases: 1
Also Known As
orca
DLS Infrastructure
○ OFFLINE: orca66hwnpciepupe5626k2ib6dds6zizjwuuashz67usjps2wehz4id.onion
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.