Menu
Browse

Cyber Threat Actor: CosmicDark

Actor Type Location Known Incidents
 Icon
Criminal
China
1 incident
Profile

CosmicDark is a threat actor knownby that alias and has been observed operating from China. The actor’s activity appears financially motivated, as evidenced by the sale of stolen credentials for Bitcoin in a publicly reported incident. No further details about the actor’s size, structure, or broader affiliations are available in the source material. The known incident provides the primary basis for understanding CosmicDark’s behavior.

In January 2016 CosmicDark was linked to a breach of a Chinese video streaming platform that exposed approximately 100 million user accounts. The compromised data included email addresses and passwords that had been decrypted from MD5 and SHA1 hashes. Samples of the leaked data showed a high prevalence of email domains such as 163.com, qq.com, and xiaonei.com. An independent breach notification service verified the exposure and noted that a quarter of the affected accounts had previously appeared in other breaches. The stolen credentials were subsequently offered on a dark web marketplace for roughly 300 US dollars in Bitcoin. This incident underscores the rapid monetization of poorly protected user data and the actor’s focus on financial gain through credential theft.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources