APT / THREAT GROUP💰 FINANCIAL
root
1
aliases
Intelligence Profile
root — tracked by MISP Galaxy (ransomware).
Threat Analysis
root is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like root prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning root
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
The Hacker News· Jul 3, 2026
StoneFly Storage Concentrator
CISA Alerts· Jun 30, 2026
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
The Hacker News· Jun 30, 2026
‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access
SecurityWeek· Jun 29, 2026
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
The Hacker News· Jun 26, 2026
The Good, the Bad and the Ugly in Cybersecurity – Week 26
SentinelOne Blog· Jun 26, 2026
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
The Hacker News· Jun 26, 2026
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
Dark Reading· Jun 25, 2026
External References
Quick Facts
TypeAPT / Threat Group
Motivation💰 financial
Aliases1
Also Known As
root
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.