Menu
Browse

Cyber Threat Actor: No Escape

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Crime Syndicate
France
3 incidents
Profile

The threat actor known by the aliases No Escape, near2tlg and nears has been observed operating from France. The group is described as an international criminal collective that conducts intrusions for profit. Its activities have been linked to a series of cyberattacks against French organizations in different sectors. The actor’s name appears in public reporting alongside the moniker nears when discussing credential‑based breaches. No explicit ties to any state sponsor have been presented in open sources.

Targeting has focused on retail, healthcare and agricultural entities located within France. In the retail case the actor compromised an energy‑savings program and harvested personal data, email addresses and possibly authentication material. The healthcare intrusion involved the use of stolen privileged credentials to gain access to the MediBoard platform and obtain patient records. The agricultural attack featured the gathering of identification documents, contracts and operational plans followed by a double extortion scheme that threatened public release, DDoS disruption and spam campaigns unless a payment was made. Across these incidents the actor’s primary motivation appears to be financial gain, with stolen information offered for sale or used to extort ransom. No specific malware families or custom tooling are detailed in the available reports.

The January 2025 breach of a French retailer’s energy‑savings program illustrates the actor’s ability to target consumer‑facing services and collect personally identifiable information. The November 2024 incident at a French healthcare facility, where threat actors used stolen credentials to access the MediBoard system and exfiltrate records for roughly three quarters of a million patients, demonstrates a focus on high‑value health data. The September 2023 attack on the agricultural cooperative Scara, attributed to the No Escape alias, showcases the double extortion tactic that combines data theft with threats of service disruption and spam unless a ransom is paid. Open‑source descriptions consistently label No Escape as an international criminal group without indicating any state affiliation or sponsorship. These publicly reported operations collectively portray a financially motivated actor that relies on credential abuse and data theft to monetize access across multiple French sectors.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
0 sources