ZeroFox Intelligence Flash Report - 0APT Syndicate Lacking Credibility

In this Flash report, ZeroFox researchers report on a likely scam ransomware-as-a-service group known as 0APT Syndicate.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

View the full report here

ZeroFox assesses that newly founded and self-proclaimed ransomware-as-a-service (RaaS) collective 0APT Syndicate (0APT) is very likely a scam or hoax group. As of this writing, the group has not published any legitimate data from its list of 200 alleged victim companies; further, the purported data samples on its leak site cannot be downloaded and appear to be entirely fabricated.
While little is known about the group at this time, the operators have explicitly stated that they are politically neutral and motivated solely by financial gain. Although the ransomware 0APT purports to be using is fully functional, it was first created in 2011 and most recently updated in 2023—making it unlikely the group is actually conducting data breaches, as operational ransomware groups typically update their executables more frequently.
All available evidence suggests that 0APT is almost certainly a scam and not a legitimate threat at this time.