
Agenda (Ransomware Group) – Threat Actor

April 3, 2024

Agenda Ransomware Group

Other Names

Qilin, Water Galura, AgendaCrypt

Location

Unknown

Date of initial activity

2022

Suspected attribution

Unknown

Associated Groups

Unknown

Motivation

Financial gain

Associated tools

Agenda malware. The Agenda ransomware group uses Remote Monitoring and Management (RMM) tools as well as Cobalt Strike to deploy the ransomware binary. The Agenda ransomware executable can also propagate via PsExec and SecureShell, and it makes use of different vulnerable SYS drivers for defense evasion.

Active

Yes

Overview

Agenda is an emerging ransomware family that has recently been targeting critical sectors such as healthcare and education. At present, the operators appear to be migrating their ransomware code to Rust, as recent samples still lack some features seen in the original binaries of the Golang variant.

Common targets

The Agenda ransomware group has primarily targeted the United States, Argentina, Australia, and Thailand, focusing on industries critical to the economy, such as finance, law, healthcare, and education.

Attack Vectors

Agenda targets its victims through phishing emails that contain malicious links to gain a foothold in the victim’s network and exfiltrate sensitive data.

How they operate

Agenda targets its victims through phishing emails that contain malicious links to gain a foothold in the victim’s network and exfiltrate sensitive data. Once the actors have initial access, they typically move laterally across the victim’s infrastructure, searching for essential data to encrypt. During the encryption process, they place a ransom note in each infected directory of the system, with instructions on how to purchase the decryption key. They may also attempt to reboot systems in normal mode and stop server-specific processes to make it harder for the victim to recover their data. If the operator succeeds in encrypting a victim’s files, it uses a double extortion technique to increase its potential revenue.
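The ransom note dropped in every affected directory is a usable detection signal: one file name appearing in many folders on one host within seconds. The following is an added example, not taken from the sources this profile cites; the event format, host names, note name, allowlist and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Names that legitimately appear in many folders (assumed allowlist; tune locally).
BENIGN_NAMES = {"desktop.ini", "thumbs.db"}

# Constructed file-creation events: "timestamp|host|path". Hosts, paths and the
# note name are invented for illustration; they are not Agenda indicators.
SAMPLE_EVENTS = [
    r"2024-03-01T02:14:03|FS01|C:\Shares\Finance\README-RECOVER-example.txt",
    r"2024-03-01T02:14:04|FS01|C:\Shares\Legal\README-RECOVER-example.txt",
    r"2024-03-01T02:14:04|FS01|C:\Shares\HR\README-RECOVER-example.txt",
    r"2024-03-01T02:14:06|FS01|C:\Shares\HR\Payroll\README-RECOVER-example.txt",
    r"2024-03-01T02:14:07|FS01|C:\Shares\Finance\desktop.ini",
    r"2024-03-01T02:14:08|FS01|C:\Shares\Legal\desktop.ini",
    r"2024-03-01T02:14:08|FS01|C:\Shares\HR\desktop.ini",
    r"2024-03-01T02:14:09|FS01|C:\Shares\IT\desktop.ini",
    r"2024-03-01T09:00:00|WS07|C:\Users\amy\Documents\report.docx",
    r"2024-03-01T10:00:00|WS07|C:\Users\amy\Desktop\report.docx",
    r"2024-03-01T11:00:00|WS07|C:\Users\amy\Downloads\report.docx",
    r"2024-03-01T12:00:00|WS07|C:\Users\amy\Archive\report.docx",
]

def parse_event(line):
    """Split one constructed event into (time, host, folder, file name)."""
    ts, host, path = line.strip().split("|", 2)
    p = PureWindowsPath(path)
    return datetime.fromisoformat(ts), host, str(p.parent).lower(), p.name.lower()

def find_note_fanout(lines, min_dirs=4, window=timedelta(seconds=60)):
    """Map (host, file name) -> most distinct folders hit inside one window."""
    by_key = defaultdict(list)
    for line in lines:
        ts, host, folder, name = parse_event(line)
        if name not in BENIGN_NAMES:
            by_key[(host, name)].append((ts, folder))
    findings = {}
    for key, events in by_key.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({f for _, f in events[start:end + 1]}))
        if best >= min_dirs:
            findings[key] = best
    return findings

if __name__ == "__main__":
    for (host, name), dirs in find_note_fanout(SAMPLE_EVENTS).items():
        print(f"{host}: '{name}' written to {dirs} folders within 60s")
```

In practice the input would come from endpoint file-creation telemetry, and the allowlist and thresholds need tuning against normal activity on file servers.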

Significant Attacks

Agenda ransomware was used to target several industries, such as finance and law. Agenda ransomware detections increased beginning December 2023. Agenda ransomware group uses Remote Monitoring and Management (RMM) tools, as well as Cobalt Strike for deployment of the ransomware binary.
Campaigns:
  • Agenda continues infecting victims globally, with the US, Argentina, Australia, and Thailand among its top targets. (March 2024)
  • Agenda ransomware targets healthcare and education sectors in countries like Thailand and Indonesia. (December 2022)
  • Qilin targets its victims by sending phishing emails that contain malicious links to gain access to their network. (July 2023)