Cyber Threat Actor: Cosmic Lynx
| Actor Type | Location | Known Incidents |
Sensationalist
|
Netherlands
|
2 incidents |
|---|
Profile
Cosmic Lynx is a threat actor known by that alias and has been associated with operations originating from the Netherlands. The actor’s public profile is defined by two disclosed incidents that illustrate its activity patterns.
In April 2019 Cosmic Lynx leaked personal data belonging to members of the American Advertising Federation, falsely presenting the information as an FBI watchlist. The initial release comprised roughly four thousand records containing names, email addresses, job titles, telephone numbers and postal addresses, which the actor claimed were obtained through vulnerabilities in third‑party software used by local chapters. After the first posting, more than twenty thousand additional entries were published under the same pretext, although analysis suggested these were likely previously compromised advertising industry data. The federation confirmed that its national database remained intact while acknowledging the possibility of chapter‑level breaches, and noted that the actor maintained an active website hosting the stolen material despite being suspended from social media platforms.
In June 2015 a Dutch manufacturer identified unauthorized access to its customer database, an incident attributed to Cosmic Lynx. The breach exposed customer names, email addresses and product order details, though financial information was not stored in the compromised system. Upon discovery through routine monitoring, the company invalidated all account passwords and required users to reset credentials, while internal checks found no evidence of plaintext password storage. The response was managed externally because no board members were immediately available for comment, and the actor did not retain persistent access after the password reset.
