APT / THREAT GROUP | 💰 FINANCIAL
xp95
Aliases: 1
Intelligence Profile
XP95 is a cyber-extortion group that emerged in March 2026. It uses a pure data-theft-and-extortion model and runs a Windows XP/95-themed leak site. Notable targets include Statistics South Africa (154 GB exfiltrated) and the Gauteng Provincial Government.
Threat Analysis
xp95 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like xp95 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Aliases: 1
Also Known As
xp95
DLS Infrastructure
Status: OFFLINE
Address: 37lfmtakhknzx5t6k57ieijkiqrc4c3kpimfvrmafva25ut2tknvw3yd.onion
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.