Weyhro is a financially motivated data extortion group that emerged in late 2024, rapidly gaining prominence on underground forums by December of that year and launching its dedicated Tor-based leak site by March 2025. While some reports characterize Weyhro primarily as a data exfiltration group operating without file encryption, others indicate they engage in double extortion, which includes both data theft and encryption. A distinguishing characteristic of this threat actor is the alleged shift of its operator, as of December 2025, towards selling a sophisticated command-and-control (C2) toolkit called Weyhro C2, marketed for advanced penetration testing and stealth operations, signaling a potential expansion of their criminal enterprise beyond direct ransomware attacks to enabling other cybercriminals. The group notably restricts its toolkit from operating on Commonwealth of Independent States (CIS) systems, a common tactic among Russian or Eastern Eu
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Construction of Buildings, Other Information Services, Software Publishers, Real Estate, Enterprises & Holding, Manufacturing, Construction, Public Administration, Administrative & Waste Management, Educational Services