Cyber Threat Actor: 0APT
| Actor Type | Location | Known Incidents |
Crime Syndicate
|
—
|
2 incidents |
|---|
Profile
0APT, also known by the alias 0APT, is a threat actor that has been observed engaging in direct conflict with other cybercriminal entities. The actor’s known activity centers on targeting ransomware‑as‑a‑service operations, specifically the group KryBit, which provides ransomware kits for Windows, Linux, ESXi and NAS devices. This focus indicates that 0APT directs its efforts toward the infrastructure and affiliates of ransomware providers rather than traditional victim sectors such as finance, healthcare or government. No additional sectors, geographic regions or strategic objectives such as financial gain, espionage or disruption are explicitly documented in the available sources, so those aspects are not included in this profile.
In April 2026, 0APT and KryBit became involved in a reciprocal data‑leak episode that illustrates the actor’s operational approach. 0APT claimed to have breached KryBit’s infrastructure, subsequently leaking information about two administrators, five affiliates, approximately twenty potential victims and the ransom demands associated with the service. In retaliation, 0APT infiltrated KryBit’s systems, exposed access logs, PHP source code and other operational files, listed KryBit as a victim on its own leak site and left a taunting message. KryBit responded by exposing 0APT’s infrastructure and leaking its operational files, while the original victim list attributed to KryBit was later shown to be fabricated. This exchange highlights 0APT’s use of direct intrusion, data exfiltration and public shaming as tactics, though specific malware families, initial access vectors or tooling details are not described in the reported incidents. The episode stands as a representative example of 0APT’s publicly reported operations, demonstrating its capability to engage in sustained cyber conflict with rival ransomware groups.
