Menu
Browse

Wordplay

Primary URL Location Industry
wordplay[.]com
Country United States of America
Financial Services Icon
Financial Services
Profile

Wordplay is identified as a criminal group that specializes in distributed denial-of-service extortion campaigns. The group’s primary activity involves launching high-volume traffic floods against online services to disrupt operations and demand payment. Their extortion model relies on demanding Bitcoin ransoms in exchange for ceasing the attacks. Wordplay has been observed targeting entities within the financial sector, including stock exchanges, money transfer services, and payment processors.

The group’s headquarters is located in the United States of America, according to available records. In August 2020 Wordplay carried out a coordinated series of attacks that affected the New Zealand stock exchange, MoneyGram, and several payment processors. During that campaign the attackers generated traffic peaks estimated at 200 gigabits per second, overwhelming the victims’ network links. The assaults focused on critical infrastructure components such as API endpoints and DNS servers, leading to multi‑day trading halts and service outages.

Wordplay distinguishes itself by constantly changing its attack vectors and techniques to evade defensive measures. The group has been noted to impersonate other known threat actors when issuing ransom notes, adding a layer of deception to its operations. Security analysts have highlighted that Wordplay’s focus on precise infrastructure targeting represents an escalation beyond earlier DDoS extortion schemes. Experts advise against paying the demanded ransoms, citing the group’s tendency to escalate attacks regardless of payment.

Incidents
Linked incidents available to members
1 incident