Menu
Browse

Cyber Threat Actor: Ouch

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
China
4 incidents
Profile

The threat actor operates under the aliases Ouch and Opheus Haxor. Open‑source reports link the actor to China, although no precise city or institution has been identified. The aliases first appeared in public disclosures during 2015. No further personal details, such as real name or organizational ties, have been released. The actor’s activity is confined to the handles used in the reported incidents.

The actor focused on compromising online platforms to exfiltrate user databases. In several cases the stolen data was posted on Pastebin accompanied by a demand for a small bitcoin payment to have the information removed. This pattern suggests a primary goal of monetary gain rather than espionage or disruption. The targeted sites span varied content types, indicating a broad opportunistic approach rather than a specific industry focus. No evidence points to state sponsorship or ideological motives.

The actor breached the forum of an Italian singer’s website, extracting tens of thousands of usernames. In separate incidents, the actor compromised an art‑focused site and a game‑server hosting site, dumping each database to Pastebin and requesting a modest bitcoin ransom for its removal. Another intrusion targeted a fiction‑community site, resulting in the release of usernames and hashed passwords. These operations demonstrate a repeatable method of gaining access, exporting data, and leveraging public paste services for pressure. The overall activity took place within the first half of 2015.

Incidents
Attributed incidents available to members
4 incidents
Sources
Sources available to members
0 sources