Cerber ransomware operation

Threat Actor

The Cerber ransomware operation was active between 2016 and 2019 but was seen in 2021 targeting Confluence instances vulnerable to another bug, CVE-2021-26084. At the time, the hackers behind the 2021 campaign targeted victims in China, Germany, and the U.S., demanding 0.04 bitcoin in exchange for the decryptor.

Several ransomware experts said they had not seen the Cerber ransomware used in years.

Incidents Associated with this Threat

Malware Used by this Threat Actor

No malware identified for this threat actor.