Menu
Browse

Cyber Threat Actor: former contractor

Actor Type Location Known Incidents
 Icon
Insider - Disgruntled
1 incident
Profile

The threat actor known as "former contractor" is linked to a deliberate firmware sabotage incident targeting Orqa, a manufacturer of drone goggles. This individual, previously employed by the company, allegedly implanted a time bomb mechanism within the device bootloader years prior to the incident’s activation. The malicious code triggered in 2023, rendering customer devices inoperable ("bricked"). Following the sabotage, the actor publicly released an unauthorized firmware update purporting to fix the issue, which Orqa warned was likely compromised. The company developed an official security patch to restore functionality, which was undergoing final testing at the time of public reporting.

The actor’s activities demonstrate a focus on disrupting operations within the drone technology sector, specifically targeting Orqa’s consumer hardware. The strategic objective appears centered on causing operational and reputational damage through deliberate product sabotage rather than financial gain or data theft. Tactics include embedding dormant destructive code within critical firmware components and leveraging insider knowledge of the target’s systems to enable long-term persistence. The actor utilized their position as a contractor to gain initial access for implanting the time bomb, later attempting to exploit the resulting crisis by distributing unauthorized firmware—a technique suggesting intent to compound disruption. No affiliations with state actors or criminal groups have been publicly attributed. The 2023 Orqa firmware sabotage represents the only publicly documented operation tied to this individual, highlighting a calculated, retaliatory approach to compromising specialized hardware.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources