| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Kazu is a financially motivated ransomware group known for employing a double extortion model, targeting sectors such as healthcare and government. The group has claimed responsibility for multiple high-profile breaches, including those of Manage My Health and the Defensoría del Pueblo de Colombia, exfiltrating sensitive data through techniques like exploiting unpatched vulnerabilities and credential reuse. Kazu has demanded ransoms ranging from $60,000 to $500,000, threatening public disclosure of stolen data if payments are not made. Their operations have primarily focused on entities in Latin America, Asia, and the Middle East, with a notable presence on dark web leak sites.
There are currently no families associated with this actor.
| 2025-12-30
⋅
Botcrawl
⋅
Saudi Icon Data Breach Exposes 4.15TB in Alleged Kazu Ransomware Attack Kazu |
| 2025-11-18
⋅
DataBreaches.net
⋅
From bad to worse: Doctor Alliance hacked again by same threat actor (2) Kazu |
| 2025-11-17
⋅
The HIPAA Journal
⋅
Doctor Alliance Investigating 353 GB Data Theft Claim Kazu |
| 2025-11-11
⋅
Botcrawl
⋅
National Civil Service Commission of Colombia Data Breach Exposes 2.9 TB of Government Files Kazu |
| 2025-10-08
⋅
Cyfirma
⋅
CYBER THREAT LANDSCAPE REPORT – UNITED ARAB EMIRATES (UAE) Kazu |