
Cyber Threat Actor: Retina-X hacker

Aliases: 4 aliases
Actor Type: Activist
Location: United States of America
Known Incidents: 2 incidents
Profile

Retina-X hacker, also known as Retina-X Hackers, Retina-X Hacker Group, Hackers of Retina-X, and Retina-X hacker (anonymous), is a threat actor that has been linked to intrusions against companies that produce consumer surveillance software. The actor’s location is noted as the United States of America. These aliases appear in reporting that connects the actor to the exposure of internal data from Retina-X and its affiliate FlexiSpy.

The actor’s known operations involve gaining unauthorized access to the networks of Retina-X and FlexiSpy and exfiltrating customer and internal data. The compromised information revealed how the companies’ spyware products, such as PhoneSheriff, were being used by private individuals to monitor partners, family members, and others without consent. The data showed that the software enabled collection of text messages, GPS locations, photos, and other personal details from victims’ devices. These disclosures highlighted the widespread misuse of commercially available stalkerware in domestic contexts.

In April 2017 the actor was credited with a breach that exposed the extent of spyware abuse, drawing attention from security researchers and media outlets. A subsequent incident reported in June 2021 described another hack of Retina-X that resulted in the theft of customer data, indicating a repeat of the earlier intrusion pattern. Both events were covered by technology news sites and underscored the actor’s focus on companies that market surveillance tools to the general public. No public attribution to a state sponsor or criminal consortium has been made in the available sources.

Incidents
2 incidents
Sources
3 sources