← All Threat Actors
Threat Actor Profile

SHADOW-AETHER-015

No known aliases in database
⚠ Critical Threat
Instructure Canvas Breach, Oracle PeopleSoft Zero-Day Exploitation, 0ktapus Identity Abuse
Origin
Sponsor criminal organization
Motivation financial gain through data theft, ransomware, and multi-pressure extortion

Target Sectors

Education (Universities, K-12, Teaching Hospitals) Identity and Access Management (IAM) Systems (e.g., Okta, Azure AD/Entra ID) Cloud Infrastructure Oracle Enterprise Software (PeopleSoft/E-Business Suite)

Known TTPs

Vishing
Help-desk impersonation
MFA fatigue
Token theft
Credential harvesting
Zero-day exploitation
Cloud lateral movement
Multi-pressure extortion

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD