kazu

Ransomware group profile

43Victims

RussiaSource country

70Impact score

Description

kazu is a financially motivated ransomware and data extortion group that emerged around mid-2025, notably targeting government agencies and healthcare providers. They utilize sophisticated tactics for initial access and data exfiltration, employing a double-extortion model to coerce victims into paying ransoms.

Key insights

•Targets include government agencies, public-sector institutions, and healthcare providers.
•Initial access is typically gained through exploiting RDP services and unpatched web applications.
•The group uses SmokeLoader as the initial loader to deliver ransomware payloads.
•Employs a double-extortion tactic, exfiltrating data before encrypting files.
•Ransom demands range from $60,000 to $500,000, with threats to publish stolen data.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Manufacturing Other Professional Services Technology

Threat Level & Status Breakdown

For kazu · Based on incidents in selected period

3.6threat level

Aggressiveness7/ 10

Lethality0/ 10

Criticality3.9/ 10

Status Breakdown

Claimed7.0%3

First seenNov 2025

Last seenMay 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for kazu in the selected period

43Total attacks

35peak in Nov

10.8avg / month

↓ 33 vs first month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for kazu

Other

T1486

T1490

T1078

T1059

T1566.001

T1133

T1190

T1021

T1562

T1046

Victims(43)

Company	Domain	Country	Industry	Status	Discovered
Databases	—	—	—	Claimed	6 days ago
Ransom	—	—	—	Claimed	6 days ago
zHealthEHR — Practice Management Software for Chiropractic & Wellness Clinics	zhealthehr.com	US United States	Technology	Unknown	4 months ago
MyVete	myvete.com	ES Spain	Professional Services	Unknown	5 months ago
ManageMyHealth - New Zealand	managemyhealth.co.nz	NZ New Zealand	Healthcare	Unknown	5 months ago
Saudi Icon	saudi-icon.com	SA Saudi Arabia	Other	Unknown	5 months ago
Leadway Assurance	leadwayhealth.com	NG Nigeria	Financial Services	Unknown	6 months ago
CT Dent Ltd	ct-dent.co.uk	GB United Kingdom	Healthcare	Unknown	6 months ago
GOBIERNO DE GUANAJUATO	—	MX Mexico	Government & Defense	Unknown	7 months ago
Venezuela’s Cooperative Registration and Management System	—	VE Venezuela	Government & Defense	Unknown	7 months ago
Official Website of the Municipality of Querétaro	—	MX Mexico	Government & Defense	Unknown	7 months ago
Official Website of Vehicle Emissions Control (VEC Mexico)	—	MX Mexico	Manufacturing	Unknown	7 months ago
National Entrepreneur System of Mexico	—	MX Mexico	Government & Defense	Unknown	7 months ago
Guadalajara Social Assistance Agency	—	MX Mexico	Government & Defense	Unknown	7 months ago
Nepal official Police Website	—	NP Nepal	Government & Defense	Unknown	7 months ago
Saudi Arabia Gov - Taif Municipality Portal	—	SA Saudi Arabia	Government & Defense	Unknown	7 months ago
Official Platform for Employability Certification in Mauritania	—	MR Mauritania	Education	Unknown	7 months ago
Bolivian Military Social Security Corporation – COSSMIL	—	BO Bolivia	Government & Defense	Unknown	7 months ago
Ministry of Health – Government of Sri Lanka	—	LK Sri Lanka	Government & Defense	Unknown	7 months ago
Zacatecas State Department of Education	—	MX Mexico	Education	Unknown	7 months ago

Page 1 of 3

Affected countries(26)

Countries where this group has been reported to target or leak victims.