Cyber Threat Actor: placenta
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
1 incident |
|---|
Profile
The threat actor known by the alias placenta has been observed in a single publicly reported intrusion that targeted a major French sporting goods retailer. The alias appears in underground forums and breach‑related discussions associated with the March 2025 Intersport incident. No other names or variations have been linked to this actor in open sources.
The actor’s activity to date shows a focus on the retail sector within France, as evidenced by the compromise of Intersport’s customer database containing personal and transactional details of approximately 3.4 million French nationals. The stolen data was subsequently offered for sale on a cybercrime marketplace, indicating an intent to derive monetary gain from the information. No evidence points to espionage, disruption, or ideological aims in this case.
Initial access in the Intersport breach was achieved through an exposed FTP server, which allowed the attackers to retrieve a configuration file that contained system passwords. No specific malware families, toolkits, or post‑exploitation frameworks have been reported in connection with placenta. The actor’s activity to date does not include the use of custom malware or zero‑day exploits.
Public attribution does not tie placenta to any state‑sponsored group, criminal consortium, or known hacker collective. The actor remains unattributed beyond the alias used in the breach announcement and the associated forum posts. Consequently, any statements about affiliations, sponsorship, or organizational structure would be speculative.
The Intersport incident stands as the sole documented operation linked to placenta, involving the exfiltration of names, email addresses, postal addresses, invoice numbers, PayPal references, transaction amounts, bank‑card types and loyalty‑card numbers. The database appeared on BreachForums with an asking price of roughly one thousand dollars in cryptocurrency before being removed. This case illustrates the actor’s capability to identify and exploit weak external services to harvest large volumes of personal data for resale.
