A new cybercrime group calling itself 0APT has claimed to have breached a large number of major companies, but security experts now say the whole thing is most likely a mere bluff.
According to researchers at GuidePoint’s Research and Intelligence Team (GRIT), the group is using a mix of fake names and real companies to trick businesses into paying ransoms for data that was never actually stolen.
Researchers also state that they have seen no evidence that any of these victims were actually hacked, describing the lists as “wholly fabricated generic firm names and recognisable organisations.”
A “Staggering” Number of Faked Victims
Most new hacking groups, as we know them, start small. However, 0APT appeared on 28 January 2026 and immediately claimed over 200 victims in just one week. This “staggering” speed, GRIT noted, caused immediate suspicion among experts.
The group’s website, which looked like a typical site for leaking stolen data, suddenly went offline on 8 February after reports surfaced that its numbers didn’t add up. It reappeared the next day, but with the list slashed to just 15 large international organisations. The team also found that for some of these “victims,” there had been no break-in at all.
Interestingly, the group’s leak site interface closely resembles one previously used by ShinyHunters and an associated group, where databases from companies such as SoundCloud, Crunchbase, and Betterment were leaked last month.
Further research led the team to a simple but effective trick behind the group’s “leaks.” They noted that “the group’s servers are doubtless piping a stream of /dev/random straight into the person’s browser.” Basically, they are sending useless digital “noise” to a user’s computer to make it look like a massive, 20GB encrypted file is being downloaded.
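For defenders handed such a "leak" download, the sketch below triages the first bytes of a sample; it is an added example, not code from GuidePoint or the article. The magic-byte list, the 7.9 bits/byte threshold and all function names are assumptions chosen for illustration. Headerless encrypted data is indistinguishable from noise, so the "unverifiable-noise" verdict means only that the sample proves nothing about its contents.

```python
import hashlib
import math
from collections import Counter

# Well-known leading bytes of common archive / encrypted-container formats.
# The selection is illustrative, not exhaustive (assumption).
MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"\x1f\x8b": "gzip",
    b"Salted__": "openssl-enc",
    b"age-encryption.org/v1": "age",
    b"-----BEGIN PGP MESSAGE-----": "pgp-armored",
}
NOISE_THRESHOLD = 7.9  # bits per byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (maximum 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def container_type(head: bytes):
    """Name of the format whose magic the sample starts with, or None."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def triage(sample: bytes) -> str:
    """Classify the leading chunk of a purported leak download."""
    kind = container_type(sample)
    if kind:
        return "structured:" + kind          # something parseable to inspect
    if shannon_entropy(sample) > NOISE_THRESHOLD:
        return "unverifiable-noise"          # no header, near-uniform bytes
    return "unstructured-low-entropy"        # plaintext or padding, not ciphertext

def constructed_noise(blocks: int = 2048) -> bytes:
    """Constructed sample: deterministic stand-in for a /dev/random stream."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(blocks))

if __name__ == "__main__":
    print(triage(constructed_noise()))                      # headerless noise
    print(triage(b"PK\x03\x04" + constructed_noise(64)))    # zip header present
```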
Scamming Both Companies and Criminals
Even without a real hack, 0APT is still looking for a payday. As per GuidePoint’s blog post, shared exclusively with Hackread.com, the group might be trying to “re-extort” companies using old data stolen by other groups years ago.
Researchers noted that 0APT is following a pattern set by other “fabulist” or fake groups. For example, a group called RansomedVC was known to buy old stolen data and even “create fictitious knowledge to deceive certainly one of their victims” back in 2023. Another group, FunkSec, used simple tools to build fake credibility for their own forums and auction sites.
Interestingly, they also seem to be targeting fellow criminals. According to researchers, earlier versions of 0APT’s site required a “1BTC safety bond” from anyone wanting to join their operation. This is a common scam in the underworld; a group called Mogilevich used the same tactic in 2024. As that group later admitted: “In actuality, we aren’t a ransomware-as-a-service, however skilled fraudsters.”
It’s worth noting that this tactic can be highly lucrative; the Mogilevich actor “claimed to have defrauded cybercriminals out of a minimum of $85,000.”
While 0APT’s current claims are likely “totally fabricated,” they could still carry out real attacks later. For now, experts say businesses shouldn’t panic. Unless you find a ransom note or locked files, your appearance on their list is probably just a fabrication.







