Menu
Browse

Cyber Threat Actor: NCA

Actor Type Location Known Incidents
 Icon
Criminal
United Kingdom
1 incident
Profile

The threat actor known by the alias NCA operates from the United Kingdom and came to public attention through a cyber intrusion that began on 1 January 2017. This intrusion targeted the internal networks of the Microsoft corporation and was carried out by an international hacking group that gained unauthorized access to those systems. As a result of the investigation, law enforcement authorities in the United Kingdom arrested two individuals suspected of involvement in the breach. The case drew participation from multiple agencies, including regional cyber crime units within the UK, the Federal Bureau of Investigation, and the European law enforcement body EUROPOL. These agencies executed coordinated actions that involved the seizure of electronic devices and the execution of searches at locations linked to the suspects. Microsoft issued a statement confirming that, despite the intrusion, no customer data had been compromised. Nevertheless, the company noted that authorities were still in the process of assessing the full scope and depth of network infiltration that occurred during the incident period.

The individuals taken into custody were subsequently charged with computer misuse offenses under UK legislation. Parallel investigative efforts were opened in other countries, reflecting the transnational character of the alleged hacking group's activities. The overall operation was described by officials as a coordinated effort aimed at dismantling the network responsible for the intrusion. This incident remains the sole publicly documented campaign attributed to the NCA alias, providing the only concrete insight into the actor's capabilities. No additional information regarding the actor's typical target sectors, strategic objectives, specific malware families, or formal affiliations has been released in open sources. Consequently, any further characterization of NCA must be regarded as speculative and is omitted from this factual profile.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources