xp95

1 incident | 1 country | 1 sector | ransomware | Latest: 2026-06-25
XP95 is a cyber-extortion group that emerged in March 2026, distinguishing itself by exclusively employing a data-theft-and-extortion model rather than deploying encryption malware. The group operates a data leak site characterized by a Windows XP/95 theme, where it publishes proof-of-compromise samples, often cross-posting to platforms like BreachForums. Its primary motivation is financial gain through extortion. Notable early targets include Statistics South Africa, where it exfiltrated 154 GB of data, the Gauteng Provincial Government, and Eholo Health, a Spanish mental health SaaS platform serving over 10,000 psychologists across Spain and Andorra. There are no indications that the group operates under multiple names or is commonly confused with other unrelated threat actors, though its name is a clear stylistic reference.

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

South Africa (1)

Target countries (SOCRadar)

Andorra, Spain, Ireland, Kenya, Netherlands, Peru, United States, South Africa

Sectors attacked

Government (1)

Target sectors (SOCRadar)

Information Services, Professional & Technical Services, Educational Services, HealthCare & Social Assistance, Public Administration, Administrative & Support Services, Residential Building Construction, Software Publishers, Computer Design & Services, Human Resources Consulting Services

New URLs detected in IntelTracker

ransomware.anggipradana.com