Menu
Browse

Cyber Threat Actor: Rev0lver

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Criminal
0 incidents
Profile

Rev0lver is also known as W0rm and Hash and has been identified as a Russian individual hacker. The actor has been linked to a series of intrusions targeting high‑profile organizations in the media, financial and technology sectors. Public reports describe Rev0lver as a single person who operates under the alias W0rm and has offered stolen data and access for sale on underground markets. The actor’s nationality is explicitly stated as Russian in multiple sources, though no direct state sponsorship or criminal consortium affiliation is cited.

Rev0lver’s typical tactics include exploiting weak or default credentials, such as the username [email protected] paired with the password Citrix123 to gain administrative access to a content management system. The actor has also leveraged SQL injection vulnerabilities, as seen in the compromise of the Wall Street Journal website where a flaw allowed extraction of database tables. In addition to these initial access vectors, Rev0lver has marketed the stolen information through an exploit marketplace (w0rm.in) and has offered to sell access to networks and databases for payment in Bitcoin. No specific malware families are referenced in the available material concerning this actor.

Notable operations attributed to Rev0lver include the claimed breach of the BBC’s servers, the intrusion into the Wall Street Journal’s news graphics servers, and the alleged compromise of Vice.com, and the alleged hacking of Citrix’s CMS using weak credentials. The actor has also claimed success against Adobe Systems and Bank of America, though these assertions are based on the actor’s own statements. Rev0lver has sold user databases from CNET, the Wall Street Journal and Vice for one Bitcoin each, and has advertised access to compromised networks for similar cryptocurrency payments. These activities demonstrate a pattern of financially motivated data theft combined with occasional claims of altruistic intent to highlight security weaknesses.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
9 sources