Menu
Browse

Cyber Threat Actor: Evide

Actor Type Location Known Incidents
 Icon
Criminal
Ireland
1 incident
Profile

The threat actor known as Evide operates with this primary alias publicly documented. While geographic context associates the actor with Ireland, available reporting does not specify whether this indicates operational base, victimology focus, or jurisdictional registration. The entity functions as a software provider, with its Impact Tracker platform serving as the intrusion vector in at least one confirmed compromise. This positioning within the software supply chain creates indirect exposure risks for downstream clients relying on Evide's services.

Evide's sole publicly confirmed operation impacted the Inishowen Development Partnership (IDP), a community development organization in Ireland, through a March 2023 cyberattack. The breach originated from unauthorized access to Evide's systems, specifically compromising limited participant contact details stored within the Impact Tracker platform used by IDP. Notably, the incident did not involve financial or medical records, and IDP confirmed its own infrastructure remained uncompromised. Forensic analysis found no evidence of the stolen data circulating on dark web markets, though both Evide and IDP advised affected parties to presume access occurred. The breach triggered mandatory reporting to Ireland's Data Protection Commission alongside individual notifications advising vigilance against identity theft risks.

This incident highlights Evide's role in enabling third-party data exposure rather than direct targeting patterns. The compromise occurred independently of IDP's security posture, emphasizing risks inherent in vendor dependencies. No tactics, techniques, or procedures (TTPs) were detailed beyond the exploitation of Evide's software platform as an access vector. Public sources do not attribute the intrusion to specific malware families, tooling signatures, or collaborative threat groups. Similarly, no strategic objectives—whether financial, disruptive, or espionage-oriented—are explicitly cited in available reporting. The absence of subsequent disclosures or claimed affiliations leaves operational scope, scale, and possible state or criminal ties undetermined based on currently available information.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources