← All Threat Actors
Threat Actor Profile

Water Kurita

No known aliases in database
▲ High Threat
ClickFix, AI-Assisted GitHub Distribution, Fingerprinting Resurgence
Origin Russia
Motivation Financial gain through the theft and resale of sensitive credentials, cryptocurrency wallets, and private data.

Target Sectors

General end users Cryptocurrency wallet holders Financial services Government entities Technology organizations

Known TTPs

Malware-as-a-Service (MaaS) distribution
Social Engineering (Fake CAPTCHA/ClickFix campaigns)
Malvertising (Google Ads)
Abuse of legitimate platforms (GitHub repositories)
AI-assisted creation of deceptive software repositories
Browser Fingerprinting (JavaScript-based system/hardware metadata collection)
Use of non-resident loaders for payload delivery
Infrastructure migration to Russian-based cloud services (e.g., Selectel)
Credential harvesting from browser extensions and 2FA tools

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD