Cyber Threat Actor: Caremar Leaker
| Actor Type | Location | Known Incidents |
Criminal
|
Italy
|
1 incident |
|---|
Profile
The threat actorknown as Caremar Leaker has been identified primarily through a single reported incident involving an Italian ferry operator. The actor uses the alias Caremar Leaker and is associated with Italy, although no further personal or organizational details have been publicly disclosed. On April 13, 2023, Caremar Leaker claimed responsibility for a data breach affecting Caremar, a company that provides passenger ferry services in the region. The breach resulted in the exfiltration of customer data, which the actor subsequently offered for sale on an underground cybercrime forum. This incident represents the only publicly documented activity attributed to the Caremar Leaker alias at present.
During the breach, Caremar Leaker posted samples of the stolen information on the XSS forum to demonstrate that the compromise was successful and to validate the authenticity of the data. The actor then advertised the full dataset for private sale, indicating an intention to monetize the stolen information through a direct transaction rather than a public auction. The XSS forum is described as a prominent Russian-language platform that is frequented by ransomware groups and other cybercriminals for trading illicit goods and discussing security topics. By using this forum, Caremar Leaker accessed a community known for facilitating the sale of compromised data and related cybercrime services. The actor’s reliance on XSS suggests a preference for established underground markets where buyers and sellers can negotiate privately.
No additional campaigns or operations have been publicly linked to the Caremar Leaker alias beyond the April 2023 incident involving Caremar. Consequently, any broader targeting patterns, sector preferences, or strategic objectives remain unspecified in the available open-source reporting. The actor’s affiliation with any state sponsor, criminal consortium, or larger threat group has not been established through credible public sources. Attribution to the Caremar Leaker alias is based solely on the actor’s self-identification in the forum post and the associated proof of data possession. As a result, the current profile is limited to the confirmed facts of the single breach, the use of the XSS forum for advertisement, and the actor’s stated location in Italy.
