Menu
Browse

Cyber Threat Actor: Kazu

Actor Type Location Known Incidents
Undetermined
1 incident
Profile

The threat actor known as Kazu has been publicly linked to a significant cyberattack against a New Zealand-based online patient health portal in late 2025. This operation resulted in the compromise of personal data belonging to more than 100,000 registered users. The attacker explicitly threatened to sell or publish the stolen files unless a ransom payment was made, indicating a primary financial motivation behind the intrusion. The targeting of a healthcare-related digital platform demonstrates a deliberate focus on sectors handling sensitive personal information, though no broader regional or sectoral patterns have been formally documented beyond this incident. Public reporting does not specify the technical methods or malware families employed in the breach, nor does it attribute the activity to any state-sponsored group or criminal consortium.

The December 2025 healthcare portal breach represents Kazu's only publicly reported operation to date. Following the incident, the compromised organization confirmed containment measures, system security enhancements, and initiated notifications to healthcare providers prior to direct patient communications. The company established a dedicated support helpline while acknowledging shortcomings in both security protocols and crisis communication. Government authorities ordered a formal review of data protection practices and third-party access vulnerabilities, criticizing the portal operator's security failures. Legal injunctions were obtained to prevent further dissemination of stolen data, though no additional details regarding Kazu's infrastructure, collaborators, or ransom negotiations have been disclosed in available sources. The actor's public footprint remains limited to this single campaign targeting healthcare data for extortion purposes.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources