Aware: Ransomware Group Operations and Detection
Date: May 25, 2026 | Status: Active Threat | Severity: High (Data Leak & Financial Impact)
Actor Profile
Aware is a recently emerged ransomware group that has been operating for only about a month, yet has already caused significant damage: the volume of stolen data is high and, because nothing has been published about the group, defenders have little to work with. It targets corporate environments, prioritizing the theft of sensitive information over immediate monetary return.
Origin and Motivation
The group is identified as "Aware" based on a Tor-based leak website found at ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion. No public documentation exists regarding their history, methods of infection, or target profiles.
Tactics and Techniques (TTPs)
- Phase 1: Initial Infection
- Primary vector: remote code execution (RCE) triggered by malicious attachments in corporate email. Secondary vectors: network compromise through unpatched vulnerabilities and malware distribution.
- Phase 2: Data Extraction & Exfiltration
- Aggressive collection of HR records, financial data, contact information, device credentials and technical documentation, exfiltrated over the Tor network to keep the operators anonymous.
- Phase 3: Damage Control
- Affected systems are shut down immediately, cleanup operations are carried out where possible, and any remaining persistence mechanisms are neutralized.
Known Campaigns
| Event | Data |
|---|---|
| Aware Leak Site | ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion (Tor) |
| Targeting Method | RCE via email attachment, network compromise, vulnerability exploitation |
Targets and Victims
Current targets include corporate environments with high volumes of sensitive data including employee records, financial information, device credentials, and technical documentation. No specific victim profile or target list is publicly available.
Indicators of Compromise (IOCs)
| Type | Value | Context/Notes |
|---|---|---|
| Site | ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion | Tor-based leak website (no public documentation) |
| Domain | None available | Not publicly documented; the leak site is reachable only over the Tor network. |
Detection and Defense
Aware is not yet tracked by the major threat intelligence platforms, so there are no vendor signatures to rely on. Detection has to come from monitoring for Tor traffic, analyzing email attachments, and watching for the RCE activity patterns (a malicious attachment leading to code execution on the workstation) that characterize the group's infection method.
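The following Python script shows what the three detection strategies above look like when run over logs, covering the infection chain from the TTP section (malicious attachment, code execution from an Office process, exfiltration over Tor) and the monitoring advice in this section. It is an added example, not code from the original page or from any vendor: the space-separated key=value log format, the attachment-extension and process lists, the Tor port heuristic, the 100 MiB egress threshold and every sample log line are constructed assumptions. The only indicator taken from the page is the Aware leak-site address.

```python
"""Detection examples for the Aware tradecraft described above: .onion
lookups and Tor-style egress, executable mail attachments, and Office
applications spawning a shell.  Added example, not from the original page.
The key=value log format, the lists, the thresholds and every sample line
below are constructed for illustration."""
import re
from dataclasses import dataclass

# The one IOC the page gives: the Aware leak site on Tor.
AWARE_LEAK_SITE = "ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion"

# Assumed lists (not from the page): attachment types that execute code when
# opened, Office parents, and the shells/LOLBins a malicious document spawns.
EXEC_ATTACHMENT_RE = re.compile(
    r"\.(exe|scr|js|vbs|hta|ps1|bat|cmd|docm|xlsm|iso|lnk)$", re.IGNORECASE)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe"}
TOR_PORTS = {9001, 9030}             # default Tor OR/Dir ports; heuristic only
EXFIL_BYTES_OUT = 100 * 1024 * 1024  # assumed threshold for a single flow

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


def parse_line(line: str) -> dict:
    """'<ts> <source> k=v k="v v" ...' -> dict with ts, source and the pairs."""
    ts, source, rest = (line.split(" ", 2) + [""])[:3]
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields.update(ts=ts, source=source)
    return fields


def check_dns(ev: dict) -> list:
    # .onion names should never reach a corporate resolver (Tor resolves them
    # internally); a leaked lookup means a Tor client or a misconfigured tool.
    q = ev.get("query", "").lower()
    host = ev.get("host", "?")
    if q == AWARE_LEAK_SITE:
        return [Alert("aware_leak_site_lookup", host, q)]
    if q.endswith(".onion"):
        return [Alert("onion_lookup", host, q)]
    return []


def check_net(ev: dict) -> list:
    # Two independent signals: Tor-typical destination port, and bulk egress
    # in one flow (exfiltration).  Both firing on one host is a strong lead.
    alerts = []
    dport, out = int(ev.get("dport", 0)), int(ev.get("bytes_out", 0))
    where = f"{ev.get('dst')}:{dport}"
    if dport in TOR_PORTS:
        alerts.append(Alert("tor_port_egress", ev.get("host", "?"), where))
    if out >= EXFIL_BYTES_OUT:
        alerts.append(Alert("bulk_egress", ev.get("host", "?"), f"{out} bytes to {where}"))
    return alerts


def check_mail(ev: dict) -> list:
    name = ev.get("attach", "")
    if EXEC_ATTACHMENT_RE.search(name):
        return [Alert("executable_attachment", ev.get("host", "?"),
                      f"{name} -> {ev.get('rcpt')}")]
    return []


def check_proc(ev: dict) -> list:
    # Office process spawning a shell is the classic attachment-to-RCE pattern.
    parent, image = ev.get("parent", "").lower(), ev.get("image", "").lower()
    if parent in OFFICE_PARENTS and image in SHELL_CHILDREN:
        return [Alert("office_spawns_shell", ev.get("host", "?"),
                      f"{parent} -> {image} {ev.get('cmdline', '')}")]
    return []


CHECKS = {"dns": check_dns, "net": check_net, "mail": check_mail, "proc": check_proc}


def detect(lines) -> list:
    """Run every line through the check for its log source; return alerts in order."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        alerts.extend(CHECKS.get(ev["source"], lambda e: [])(ev))
    return alerts


SAMPLE_LOGS = [  # constructed for this example; not real telemetry
    "2026-05-25T09:58:10Z mail host=mx1 rcpt=hr@corp.example attach=Invoice_Q2.pdf.exe",
    "2026-05-25T09:58:11Z mail host=mx1 rcpt=hr@corp.example attach=Agenda.pdf",
    '2026-05-25T10:00:30Z proc host=ws-042 parent=WINWORD.EXE image=powershell.exe cmdline="-nop -w hidden -enc SQBFAFgA"',
    '2026-05-25T10:00:31Z proc host=ws-042 parent=explorer.exe image=powershell.exe cmdline="-File backup.ps1"',
    f"2026-05-25T10:01:02Z dns host=ws-042 query={AWARE_LEAK_SITE}",
    "2026-05-25T10:01:05Z dns host=ws-042 query=www.example.com",
    "2026-05-25T10:05:00Z net host=ws-042 dst=203.0.113.5 dport=9001 bytes_out=734003200",
    "2026-05-25T10:05:01Z net host=ws-017 dst=198.51.100.9 dport=443 bytes_out=512000",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"{a.rule:24} {a.host:8} {a.detail}")
```

Run as-is it prints five alerts, all but one on ws-042, which is the point of correlating by host: an executable attachment delivered to HR, Word spawning an encoded PowerShell command, a lookup of the Aware leak site, and a large outbound flow to a Tor-typical port. The port heuristic alone is weak (Tor bridges and pluggable transports use arbitrary ports), so treat it as a corroborating signal next to the process and DNS rules rather than a standalone detection.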