Cyber Threat Actor: md5
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
The threat actor is known by the alias md5 and has been publicly associated with activity originating from the United States of America. No additional aliases or alternative names have been disclosed in the available sources. The actor’s location is derived from open‑source reporting that identifies the individual or group as operating within the United States.
The only confirmed incident involving md5 is the ransomware attack on FMC Services reported on July 26, 2022. FMC Services is a healthcare‑related organization, indicating that the actor has targeted the healthcare sector. The victim organization is based in the United States, aligning with the actor’s known geographic location. No other sectors or regions have been attributed to md5 in the public record.
In the FMC Services breach, the actor gained unauthorized access to the organization’s systems and deployed ransomware, resulting in the exfiltration of sensitive patient data including names, addresses, Social Security numbers, birth dates, and protected health information. Approximately 233,948 individuals had their personal information accessed during the incident. Following the breach, FMC Services secured its networks, halted the unauthorized activity, engaged external cybersecurity experts to conduct an investigation, and issued notification letters to the affected parties regarding the exposure of their confidential information.
Publicly available sources do not establish any clear attribution to a state sponsor, criminal consortium, or other affiliated group for md5. The actor’s affiliation remains unspecified beyond the alias and the United States location. Consequently, no definitive statements can be made about broader campaigns, operational patterns, or strategic objectives beyond the single ransomware event described.
