Menu
Browse

Cyber Threat Actor: Rogue0

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Criminal
Russia
2 incidents
Profile

The threat actor known as rogue0 and Protag operates with a focus on breaching online platforms to exfiltrate and monetize sensitive user data. Publicly attributed incidents indicate activity dating back to at least 2018, with Russia cited as a location in available reporting. Their operations demonstrate a pattern of targeting entities holding personal or financial information, including political organizations and digital collectible marketplaces, though no explicit sectoral specialization is declared in source material. Strategic objectives appear financially motivated, evidenced by private sales of stolen datasets prior to public leaks, though the 2018 breach of Italy's Movimento 5 Stelle political platform also introduced elements of potential disruption during active policy votes.

Notable operations include the 2019 compromise of Quidd, an online collectibles marketplace, where the actor exfiltrated approximately four million user records containing bcrypt-hashed passwords. The robust hashing implementation reportedly diminished the dataset's black-market value, contributing to its eventual public release on hacking forums. Earlier, in 2018, the same actor breached the Rousseau platform twice within approximately 14 months, extracting donor financial records and candidate information despite prior regulatory sanctions against the platform for security deficiencies. Both incidents involved controlled disclosure tactics—private sales in the Quidd case and selective publication of donor receipts in the Rousseau breach—coupled with claims of possessing broader unauthorized database access. Technical specifics of initial access vectors and tooling remain undocumented in available sources, though the repeated Rousseau compromise suggests potential exploitation of unaddressed vulnerabilities. No verifiable affiliations with state actors or criminal consortiums are explicitly stated in attributed reporting.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
2 sources