nightsky
1 incidents
1 countries
1 sectors
ransomware CN Latest: 2026-06-25
Nightsky is a financially motivated ransomware group that emerged in late December 2021, operating as a short-lived double-extortion ransomware variant. It is strongly linked to the China-based threat actor group known as BRONZE STARLIGHT, also tracked as DEV-0401 or Emperor Dragonfly, which is known for deploying multiple ransomware strains. Nightsky differentiates itself by being a derivative of the Rook ransomware, which itself is based on the leaked Babuk encryptor, often obfuscated with VMProtect. The group’s primary objective is financial gain through high ransom demands, and they are notable for their rapid exploitation of critical vulnerabilities like Log4Shell for initial network infiltration, combining data encryption with threats of public data leakage.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Bangladesh
Japan
United States
Sectors attacked
Healthcare (1)
Target sectors (SOCRadar)
Food Manufacturing
Software Publishers
Enterprises & Holding
Manufacturing
Electrical Equipment, Appliance, and Component Manufacturing
Public Administration
Beverage & Tobacco Manufacturing
Educational Services
Textile & Fabric Manufacturing
Energy & Utilities
New URLs detected in IntelTracker