Cyber Threat Actor: @Compl3x1ty
| Actor Type | Location | Known Incidents |
Sensationalist
|
United States of America
|
2 incidents |
|---|
Profile
The threat actor known by the aliases@Compl3x1ty and @Shinji_Kagawa has been identified as operating from the United States of America. Public references tie the actor to a Twitter announcement made on February 14 2015 that highlighted a data dump involving a medical organization’s legacy file‑sharing application. No further biographical details, organizational ties, or public statements beyond those incident‑related posts are available in the open sources consulted.
The actor’s observed activity centers on the healthcare sector within the United States, specifically targeting outdated internal systems used by medical groups for non‑patient document sharing. The disclosed technique involved exploiting an SQL injection vulnerability to gain unauthorized access to a legacy application, after which the actor extracted 98 usernames, MD5‑hashed passwords, and email addresses. The extracted data was subsequently posted publicly, prompting external notification efforts and ultimately leading the affected organization to decommission the vulnerable application and remove associated databases. No malware families, custom tooling, or additional intrusion tools are described in the reported incident.
Attribution to any state‑sponsored group, criminal consortium, or broader campaign has not been established in the publicly available material. The February 2015 disclosure remains the sole notable operation linked to these aliases, and no subsequent incidents or broader patterns of activity have been documented. Consequently, the profile is limited to the confirmed facts of the actor’s aliases, geographic location, sector focus, and the specific SQL‑injection‑based data exposure incident.
