Cyber Threat Actor: holo-gfx
| Actor Type | Location | Known Incidents |
Sensationalist
|
Russia
|
1 incident |
|---|
Profile
The threat actor known by the alias holo-gfx has been observed in a single publicly reported incident that occurred in March 2021. According to available sources, the actor is associated with Russia, though no further details about their identity, organizational affiliations, or broader activity have been disclosed in open reporting. The alias holo-gfx was used when the actor published stolen material on GitHub following the compromise of a manga‑focused website.
In the reported operation, holo-gfx targeted an online manga scanlation platform, which operates within the entertainment and digital content sector. The actor gained initial access by exploiting a session token that had been exposed in an old database leak, taking advantage of a misconfiguration in the site’s session management to assume control of an administrator and developer account. With this privileged access, the actor exfiltrated the site’s source code and uploaded it to a public repository under the holo-gfx alias, claimed to have identified a file type confusion vulnerability, and hinted at the existence of additional remote code execution flaws and web shells within the environment. The actor also asserted possession of a dumped database, stating that it had not been published at the time of the disclosure.
Attribution to a specific state sponsor or criminal consortium has not been established in public sources; the only geographic indicator referenced is the possible Russian location of the actor. The March 2021 MangaDex breach remains the sole campaign attributed to holo-gfx in open reporting, resulting in the temporary shutdown of the service, a forced security‑focused rewrite of the platform (designated v5), and a public warning to users that their account data should be considered compromised. No further operations or tools have been linked to this alias in the available material.
