Cyber Threat Actor: Exfocus
| Actor Type | Location | Known Incidents |
Criminal
|
Mexico
|
2 incidents |
|---|
Profile
Exfocus is the alias used bya hacker who has been linked to a series of distributed denial‑of‑service attacks against Rutgers University in 2015. The actor is known to operate from Mexico, although no further geographic details are publicly available. The primary target of the observed activity was the education sector, specifically a large U.S. university, indicating a focus on disrupting academic services and infrastructure. Financial gain appears to be a motivating factor, as the actor disclosed receiving payment in Bitcoin from a client who offered additional compensation if the university contracted a DDoS mitigation provider.
The actor’s tactics rely on a botnet comprising more than eighty‑five thousand compromised machines, which enables the generation of attack traffic around twenty‑five gigabits per second. No specific malware families, initial access vectors, or custom tooling are described in the available sources; the emphasis is on the scale and rental nature of the botnet for volumetric DDoS campaigns. In the reported incidents, Exfocus claimed to have been hired to overwhelm the university’s network, causing outages that affected internet access, Wi‑Fi, credit‑card processing, and learning management systems despite the institution’s prior investments in hardware upgrades and mitigation services.
No public attribution ties Exfocus to a state sponsor, criminal consortium, or any larger threat‑actor group, and the actor’s affiliations remain unspecified based on the evidence provided. The Rutgers University campaigns represent the most notable operations attributed to this actor, illustrating how a financially motivated DDoS‑for‑hire service can repeatedly defeat even recently bolstered defenses. The case highlights the persistence of botnet‑based disruption tactics and the challenges organizations face when facing financially driven, extortion‑oriented attack attempts.
