Uptime Hamster: 1d 11h 46mDeploy: 14 Jul 2026 21:26Updated: 2026-07-14
Logo del actor de amenaza Returned Libra

Returned Libra

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Aliases: 8220 Mining Group
Ver en IntelTracker → APTTrail →
Returned Libra is a cyber espionage group with suspected links to state-sponsored activities, primarily driven by motivations of data exfiltration and financial gain. The group distinguishes itself through the execution of highly coordinated phishing campaigns, the exploitation of zero-day vulnerabilities, and the persistent use of advanced techniques to maintain covert access to targeted networks. They frequently deploy custom-built malware and have demonstrated an ability to circumvent established security measures. While specific details regarding their initial emergence are not publicly available, their operational focus remains on long-term intrusion and the illicit acquisition of data for monetary benefit. Returned Libra should be differentiated from the 8220 Mining Group, which operates with a distinct focus on cryptocurrency mining.

Aliases del actor

8220 Mining Group

Actores similares

returned-libraactor · 1silentransomgroupactor · 36GroupIB_TIactor · 11bonacigroupransomware · 2thegreenbloodgroupransomware · 2vanirgroupransomware · 2SilentRansomGroupactor · 2apt-equationgroupactor · 1apt-group5actor · 1bluewindgroupactor · 1
Tecnicas MITRE
T1585.001, T1204, T1539, T1583.001 - Domains, T1102, T1204.002
CVEs relacionadas
CVE-2026-2441, CVE-2026-1340, CVE-2026-1281, CVE-2025-9961, CVE-2025-9288, CVE-2025-9242
Tipo
apt
Pais origen
CN
Motivacion
-
Impacto
70
Actualizado
Thu, 28 Ju

Sectores objetivo (SOCRadar)

HospitalsAccommodationAir TransportationConstructionRestaurantsInternet PublishingInsurancePerforming Arts, Spectator Sports, and Related IndustriesMotor Vehicle ManufacturingLegal Services