Menu
Browse

Cyber Threat Actor: KelvinSecurity Team

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
United States of America
2 incidents
Profile

KelvinSecurity Team, also known as KelvinSecurity Group, is a threat actor publicly identified as operating from the United States of America. The actor has been linked to activities that involve exposing inadequately protected data stores and subsequently advertising the obtained information on underground hacking forums. In the only incident where the actor is explicitly named, they targeted a business consulting firm, highlighting a focus on the professional services sector. The actor stated that their primary goal was to prompt the victim to remediate the exposed backup directory, asserting that they did not actually sell the data and had attempted to notify the organization before making the leak public. This indicates a stated objective centered on driving security improvements rather than direct financial gain.

The actor's observed tactics involve locating and exploiting misconfigured, publicly accessible backup directories or storage buckets as an initial access vector. After gaining access, they exfiltrate datasets containing customer and employee records, including names, email addresses, company contacts, login credentials, and hashed passwords. Rather than deploying malware, the actor relies on the discovery of exposed assets and the use of hacking forums to communicate the breach and apply pressure for remediation. The noted campaign involved the Frost & Sullivan databases, where approximately 6,000 customer records and 6,146 employee records were posted for sale on a forum, although the actor claimed no transaction occurred. No malware families, specific tooling suites, or state affiliations have been publicly attributed to KelvinSecurity Team based on the available information. The actor's known location and alias set remain the only confirmed demographic details, with no evidence pointing to a broader criminal consortium or nation‑state sponsorship.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources