Menu
Browse

Cyber Threat Actor: w0rm hacking crew

Actor Type Location Known Incidents
 Icon
Criminal
1 incident
Profile

The w0rm hacking crew is a cybercriminal group recognized for targeting both media organizations and rival threat actors. Operating under the alias "w0rm," the group demonstrated a focus on financially motivated operations, particularly through the theft and sale of compromised data. Their activities reflect a pattern of inter-group competition within underground ecosystems, prioritizing opportunistic breaches over publicly documented ideological or state-aligned objectives.

One notable operation attributed to w0rm occurred in September 2015, when the group infiltrated Monopoly, a cybercriminal entity specializing in fraud-related data sales. w0rm exfiltrated Monopoly’s database and listed it for sale on their underground forum, pricing the data at $500, €450, or 2.15 Bitcoin. This breach represented an aggressive business tactic, exploiting a rival’s resources without overt justification or prior conflict. While the exact contents of the stolen data were unspecified, the incident highlighted w0rm’s willingness to target other criminal groups—a less common strategy than attacks on conventional entities. Historical reporting also indicates w0rm conducted high-profile attacks against media organizations, though specific incidents lack public elaboration. The group’s operations consistently centered on monetizing stolen information, leveraging underground platforms for distribution. No explicit affiliations with state actors or broader criminal consortia have been publicly attributed to w0rm, and their geographic origins remain unconfirmed. The Monopoly intrusion underscored their adaptability in shifting targets based on perceived financial opportunity rather than consistent sectoral focus.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources