SHADOW-AETHER-015 is a highly adaptable cybercriminal group known for identity abuse and cloud compromise, primarily targeting identity and access management systems like Okta and Azure AD/Entra ID. They employ sophisticated social engineering techniques, including vishing and help-desk impersonation, to gain access to legitimate credentials. Their operations involve multi-pressure extortion tactics, such as data theft, ransomware, and employee intimidation, while leveraging MFA fatigue and token theft to bypass authentication controls. The group has been linked to the "0ktapus" phishing campaign and is most active in English-speaking countries, with a focus on sectors rich in sensitive data.
There are currently no families associated with this actor.
2026-01-13 ⋅ Trend Micro ⋅ Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™ ⋅ SHADOW-AETHER-015