SYMBOLCOMMON_NAMEaka. SYNONYMS

Kinsing  (Back to overview)

aka: Money Libra

This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear if they conducted the attacks themselves, or if they bought leaked databases from third parties.


Associated Families

There are currently no families associated with this actor.


References
2022-07-18Palo Alto Networks Unit 42Unit 42
@online{42:20220718:money:f5f3920, author = {Unit 42}, title = {{Money Libra}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/moneylibra/}, language = {English}, urldate = {2022-07-25} } Money Libra
Kinsing Kinsing
2020-11-24Trend MicroJaromír Hořejší, David Fiser
@online{hoej:20201124:analysis:9e93ede, author = {Jaromír Hořejší and David Fiser}, title = {{Analysis of Kinsing Malware's Use of Rootkit}}, date = {2020-11-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html}, language = {English}, urldate = {2020-11-25} } Analysis of Kinsing Malware's Use of Rootkit
Kinsing Kinsing
2020-11-23sysdigKaizhe Huang
@online{huang:20201123:zoom:b9540f5, author = {Kaizhe Huang}, title = {{Zoom into Kinsing}}, date = {2020-11-23}, organization = {sysdig}, url = {https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/}, language = {English}, urldate = {2022-07-25} } Zoom into Kinsing
Kinsing Kinsing
2020-04-03AquaGal Singer
@online{singer:20200403:kinsing:e67c720, author = {Gal Singer}, title = {{Kinsing Malware Attacks Targeting Container Environments}}, date = {2020-04-03}, organization = {Aqua}, url = {https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability}, language = {English}, urldate = {2020-04-13} } Kinsing Malware Attacks Targeting Container Environments
Kinsing Kinsing

Credits: MISP Project