Cyber Threat Actor: Funksec
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
1 incident |
|---|
Profile
Funksec operates as a ransomware threat actor employing double extortion tactics to pressure victims into paying ransoms. The group publicly claims responsibility for attacks to amplify reputational damage against targets, explicitly threatening to release stolen data unless payment is made. Their confirmed operations demonstrate a pattern of targeting educational institutions and government entities, as evidenced by their breach of Université de Rennes and historical focus on government victims. The group pursues financial gain through extortion, leveraging stolen sensitive data such as student records, credentials, and internal documents to coerce payments. Funksec issues time-bound ultimatums to victims, typically allowing nine days before threatened data disclosure, creating urgency around ransom negotiations.
The March 2025 attack on Université de Rennes exemplifies Funksec's operational approach, compromising a pedagogical subnet to exfiltrate approximately 50 GB of data. While the university contained the breach to a subnet without broader network disruption, Funksec’s public claims of data theft remained unverified by the institution. This incident reflects the group’s consistent methodology of combining network encryption with data theft threats, though specific malware families or initial access vectors remain undocumented in public reporting. No verifiable affiliations with state actors or criminal consortiums have been publicly attributed to Funksec. The group maintains operational flexibility, adapting pressure tactics based on victim responses while avoiding geographically restricted targeting based on available evidence.
