Cyber Threat Actor: 0mega

Actor Type: Criminal
Location:
Known Incidents: 0 incidents
Profile

0mega is a ransomware threat actor first observed in mid-2022, operating a dedicated leak site to pressure victims through data exposure. The group employs double-extortion tactics, combining system encryption with threats to publish sensitive exfiltrated data. Their public communications demonstrate direct engagement with media outlets like DataBreaches.net, providing detailed accounts of compromises and criticizing victim organizations' security postures.

0mega has targeted healthcare-adjacent sectors, exemplified by their compromise of Aviacode, a medical billing and coding provider handling sensitive patient data as a business associate under HIPAA. The group's strategic objective centers on financial gain through extortion, evidenced by their persistent attempts to negotiate with Aviacode management after locking systems.

Their operational tradecraft includes compromising email servers to establish communication channels with corporate leadership, conducting live surveillance of victim networks, and monitoring administrative command-line activities. During the Aviacode intrusion, they exfiltrated over 200 GB of files containing employee payroll records, contractor tax documents (including W-2s and 1099s), terminated employee background checks, and credentials reused across accounts.

The group maintains limited public visibility, with only three victims listed on their leak site between mid-2022 and early 2023. Their attack on Aviacode revealed operational patterns including extended network dwell time (over six weeks between initial compromise and data dump), aggressive attempts to force victim engagement through executive-level email bombing, and systematic exfiltration of human resources data alongside potential administrative credentials. The actor's public statements emphasize deliberate targeting of organizations perceived as having inadequate incident response capabilities, particularly criticizing Aviacode's technical staff for alleged incompetence and management for delayed decision-making.

Incidents
0 incidents
Sources
1 source