RANSOMWARE OPERATION | 💰 FINANCIAL
proxima
1 alias
Intelligence Profile
proxima — tracked by MISP Galaxy (ransomware).
Threat Analysis
proxima is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like proxima prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning proxima
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
CISA Alerts · Jun 18, 2026
Anthropic Expanding Mythos Access to 150 New Organizations
SecurityWeek · Jun 2, 2026
GitHub investigates internal repositories breach claimed by TeamPCP
BleepingComputer · May 20, 2026
Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
SentinelOne Blog · Apr 14, 2026
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
BleepingComputer · Apr 14, 2026
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
The Hacker News · Apr 12, 2026
US Charges Uranium Crypto Exchange Hacker
SecurityWeek · Apr 1, 2026
Quick Facts
Type: Ransomware Operation
Motivation: 💰 financial
Aliases: 1
Also Known As
proxima
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.