Cyber Threat Actor: XJP
| Actor Type | Location | Known Incidents |
Hacker
|
China
|
2 incidents |
|---|
Profile
The threat actor known by the alias XJP operates from China and has been observed using this handle in underground forums. The alias appeared in a public post offering stolen personal data for sale, linking the actor to a specific incident in mid‑2022. No additional aliases or affiliations have been publicly attributed to XJP in the available sources. The actor’s location is noted as China, but no further details about organizational ties or state connections are provided.
XJP’s observed activity targets the public health sector in Shanghai, specifically the municipal COVID‑19 health mobile application. The actor claimed to have obtained personal information from 48.5 million users of this application and offered the dataset for $4,000 on a hacker forum. This indicates a financially motivated objective, as the actor sought monetary compensation for the data. No evidence of espionage, disruption, or ideological goals is present in the reported incident.
The sole publicly reported operation involving XJP is the August 2022 sale of the Shanghai COVID‑app user data on Breach Forums. The actor provided no description of malware, exploit tools, or initial access techniques in the forum post, so specific TTPs such as malware families or vectors remain unspecified in the source material. Consequently, the profile is limited to the confirmed facts of the alias, the geographic focus, the sector targeted, the financial motive evident from the sale offer, and the single documented campaign. No further details about the actor’s capabilities or broader activities can be derived from the given information.
