Exitium
| Active
Exitium is a data extortion group first observed in early 2026, operating a Tor-based double extortion site and targeting victims via bulk data exfiltration followed by public naming-and-shaming, with known victims including a Brazilian agro-industrial firm and a US county appraisal district.
Victims
4
First Discovered
2026-03-17
victim
Last Discovered
2026-04-14
victim
Inactive Since
36
days
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
3
hit
Attack Velocity — Last 12 months
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Exitium | Yes | 2026-05-20T00:15:12 | gunicorn |
m3ksukzn2glzfdvlusohril7n3iyk4z4fudf6mm22lwhpbpt5aiee5qd.onion
|
Target
Top 5 Activity Sectors
- Healthcare 1
- Energy 1
- Agriculture and Food Production 1
- Public Sector 1
Top 5 Countries
-
United States
2
-
Taiwan, Province of China
1
-
Brazil
1
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (1)
tox
1
| Type | IOC |
|---|---|
tox
|
0932023CDBDC780B80B4772D22975C9AAD6D1A5921AA4C746C9E4851A307DE1888A6F56FDFBE
|
Victims (4)
Website: gandhofcny.com
Zoominfo: https://www.zoominfo.com/c/gastroenterology--hepatology-of-cny-pc/…
Zoominfo: https://www.zoominfo.com/c/ming-hwei-energy-co-ltd/446006038
A small private B2B firm (11…
Zoominfo: https://www.zoominfo.com/c/marborges-agroindustria/547271801
Company in Brasil with a bad…
Zoominfo: https://www.zoominfo.com/pic/fannin-central-appraisal-district/1117264519
Exfiltrated: 40…