Uptime Hamster: 15d 6h 36mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Velvet Tempest

Velvet Tempest

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Aliases: DEV-0504
Ver en IntelTracker → APTTrail →
Velvet Tempest, also identified by Microsoft as DEV-0504, is a financially motivated ransomware affiliate group that operates within the Ransomware-as-a-Service (RaaS) ecosystem. This group distinguishes itself through its consistent adaptation and migration between various prominent RaaS offerings, having been associated with Ryuk, REvil, Conti, BlackMatter, BlackCat/ALPHV, LockBit, RansomHub, and Termite ransomware. Velvet Tempest functions by acquiring access to target networks, deploying diverse ransomware payloads, and engaging in multi-extortion schemes. The group's primary objective is financial gain through encryption and data exfiltration. Unlike state-sponsored entities, Velvet Tempest is a criminal organization focused on maximizing profit from its operations.

Aliases del actor

DEV-0504

Actores similares

devmanransomware · 184Network Devicesactor · 1Compromise Software Dependencies and Development Toolsactor · 1Device Driver Discoveryactor · 1Velvet Antapt · 1Cinnamon Tempestactor · 1Mustard Tempestapt · 1CS FQL: 32. Detect Data Exfiltration via external storage devicesactor · 1dev-0322actor · 1dev-0343actor · 1
Tecnicas MITRE
T1078, T1071.001, T1027.001, T1566.001
Tipo
apt
Pais origen
CN
Motivacion
-
Impacto
29
Actualizado
Sat, 03 Fe

Sectores objetivo (SOCRadar)

Energy & Utilities ManufacturingInformation ServicesOil & GasFood ManufacturingTextile & Fabric Manufacturing