Cyber Threat Actor: Horux
| Actor Type | Location | Known Incidents |
Criminal
|
Russia
|
1 incident |
|---|
Profile
Horux is a Russian‑based hacking group known by the alias Horux. Public reporting identifies the actors as operating from Russia, though no further details about their organizational structure or size have been disclosed. The group first came to attention through a cybersecurity incident involving a United Kingdom healthcare provider, where they gained unauthorized access to an email server. This activity demonstrates that Horux engages in intrusions that enable the misuse of compromised infrastructure for illicit purposes.
In the Kettering General Hospital breach, the compromised email system was leveraged to distribute spam messages advertising illegal goods on the dark web, indicating a financially motivated objective rather than espionage or disruption. The targeting of a hospital suggests that Horux may focus on sectors perceived as having valuable data or weaker defenses, although only this single healthcare incident is publicly documented. The actors’ strategic aim appears to be profit generation through the facilitation of illegal trade via compromised communication channels.
The observed tactics include gaining unauthorized access to email servers and subsequently using those servers to propagate spam campaigns; no specific malware families, initial‑access vectors, or tooling styles are described in the available sources. Attribution to Horux is based on the group’s self‑identified alias and its reported Russian location, with no publicly asserted connection to a state sponsor or larger criminal consortium. The Kettering General Hospital incident serves as the primary example of Horux’s publicly reported operations, illustrating how the group exploits vulnerable IT systems to support illicit financial schemes.
