Menu
Browse

Cyber Threat Actor: Kernelware

Actor Type Location Known Incidents
 Icon
Sensationalist
Viet Nam
5 incidents
Profile

Kernelware is the alias used by a threat actor who has been active on underground forums such as BreachForums since August 2022 and is publicly associated with Vietnam. The actor describes themselves as sharing free tutorials, releasing data leaks without ransom demands, and occasionally offering databases for sale, while noting personal commitments such as academic exams that have prompted temporary hiatuses from activity. Kernelware has stated publicly that leaks are motivated by personal amusement, boredom, or a desire to humiliate targets rather than financial gain, and has denied any intention to extort money from victims. The actor’s communications emphasize a lack of interest in blackmail or monetization through the sale of stolen material on the forums they frequent.

Kernelware’s disclosed operations have focused on entities in the petroleum and infrastructure sector in Vietnam, including PetroVietnam, Long Son Petrochemicals, and POSCO Engineering & Construction, where schematics, piping diagrams, business registration files, employee records and contract agreements were released. The actor also leaked approximately 73 million customer records from HDB Financial Services, a subsidiary of HDFC Bank in India, exposing personal, employment and financial details. Additional incidents involve the sale of 160 GB of technical documents from Acer’s repair‑technician server and a smaller leak of gigabytes from Acronis that was traced to a single compromised customer account used to upload diagnostic data. No malware families, specific exploit tools or initial‑access vectors are described in the sources; the only referenced technique is the compromise of credentials for a customer account in the Acronis case. Public attribution does not link Kernelware to any state‑sponsored group or criminal consortium, with the only geographic clue being the actor’s self‑reported location in Vietnam. The pattern of activity shows a tendency to target organizations across different industries and regions while maintaining a consistent public stance of non‑financial, curiosity‑driven disclosure.

Incidents
Attributed incidents available to members
5 incidents
Sources
Sources available to members
5 sources