Menu
Browse

Cyber Threat Actor: Leopard Boy

Actor Type Location Known Incidents
 Icon
Activist
United States of America
3 incidents
Profile

Leopard Boy is a threat actor known for targeting companies involved in the consumer surveillance industry, specifically those producing and distributing commercial spyware tools. Operating under this singular alias, the actor is associated with breaches of FlexiSpy and Retina-X in April 2017, two firms whose products enabled unauthorized monitoring of personal devices. These incidents exposed tens of thousands of user accounts and internal company data, highlighting the actor’s focus on entities facilitating domestic surveillance and stalking. The breaches revealed how such "stalkerware" products—marketed to private individuals—were weaponized to covertly track GPS locations, intercept communications, and extract sensitive photos and messages without consent, often in contexts of intimate partner surveillance. Leopard Boy’s actions demonstrated a deliberate effort to disrupt these companies’ operations and expose their role in enabling privacy violations, though no explicit financial or espionage motives were documented.

The actor’s targeting centered on U.S.-based consumer surveillance technology providers, with no evidence of campaigns against other sectors or regions. The 2017 operations involved compromising the companies’ systems, leading to data exfiltration that exposed both corporate information and customer accounts. While technical specifics of the intrusions remain undisclosed, the breaches underscored the societal risks of commercially available spyware—tools functionally comparable to government-grade surveillance malware but deployed by civilians for harassment and abuse. One notable case involved a police officer whose personal and professional data was monitored through FlexiSpy software installed by a spouse, illustrating the real-world harm enabled by these products. Leopard Boy’s activities brought attention to the proliferation of stalkerware and its misuse, though no further operations or affiliations with state or criminal groups have been publicly attributed. The actor’s legacy remains tied to exposing the ethical and security failures of the consumer surveillance industry.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
0 sources