Cyber Threat Actor: Nevada
| Actor Type | Location | Known Incidents |
Criminal
|
China
|
1 incident |
|---|
Profile
The Nevada group is athreat actor known by the alias Nevada and has been associated with operations originating from China, according to publicly available information. The actor first came to attention in early 2023 when it claimed responsibility for a ransomware incident that affected multiple hosting providers and a French radio station. No additional aliases or alternative names have been documented in the sources reviewed. The actor’s geographic tie to China is presented as the only location detail that has been made public.
In the reported incident, Nevada targeted hosting providers such as Ikoula and OVH, compromising the virtual machines that underpin their services. The attack also impacted a media organization, Fréquence 3, which relied on Ikoula for its broadcast infrastructure, leading to a thirty‑minute interruption of its FM transmission before backup systems restored service. The group’s web‑radio platforms experienced more severe and prolonged outages, with functionality expected to remain impaired for several days. These effects indicate that the actor’s actions produced both financial pressure through ransom demands and noticeable disruption to the victims’ operations.
The tactics observed in this campaign involved the deployment of ransomware that encrypted data on thousands of virtual machines across the affected hosting environments. Nevada demanded a ransom equivalent to approximately forty‑five thousand euros, payable in bitcoin, in exchange for the decryption keys. No specific malware family or initial‑access vector was disclosed in the available reporting, so the description is limited to the use of ransomware as the primary tooling style and the reliance on cryptocurrency for payment. The actor’s claim of responsibility was communicated through a press release issued by the victim radio station, which also cited external sources estimating the scale of the compromise.
Attribution to the Nevada group rests solely on the victim’s statement and the referenced article from Le Monde Informatique; no public evidence links the actor to a state sponsor, a larger criminal consortium, or any other affiliated entity. The February 3 2023 ransomware attack on hosting providers and the consequent impact on Fréquence 3 remains the only publicly documented operation attributed to Nevada. Consequently, the profile reflects the confirmed facts of this single campaign without extrapolation to broader patterns or capabilities.
