teamxxx
Ransomware group profile
4Victims
39Impact score
Description
teamxxx is a ransomware group that surfaced in February 2025, with a focus on financial gain through data exfiltration and public exposure of victim data. Notably, they sometimes make stolen data freely available online to increase reputational damage to their targets.
Key insights
- •Utilizes a double extortion model, combining data theft with public exposure to pressure victims.
- •Exploits general security weaknesses such as unpatched vulnerabilities and misconfigurations for initial access.
- •Stolen data often includes sensitive personal information, internal documents, and confidential agreements.
- •Occasionally acts as a data broker, deviating from typical ransomware operations.
- •Employs an IP address 82.147.84.232 as an Indicator of Compromise.
Threat Level & Status Breakdown
For teamxxx · Based on incidents in selected period
1.6threat level
Aggressiveness1/ 10
Lethality0/ 10
Criticality4.2/ 10
Status Breakdown
Claimed75.0%3
First seenJun 2025
Last seenAug 2025
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 2, 2026
Recent activity
Monthly attack count for teamxxx in the selected period
4Total attacks
2peak in Jul
1.3avg / month
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for teamxxx
Other
T1486
T1486
T1490
T1490
T1071
T1071
T1021
T1021
T1021.001
T1021.001
T1562
T1562
T1557
T1557
T1041
T1041
T1080
T1080
T1047
T1047
Victims(4)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Scania.com | scania.com | SE Sweden | Transportation | Claimed | 10 months ago | |
| Intercommunityct.org | — | US United States | Healthcare | Unknown | 11 months ago | |
| Websterhenry.com | websterhenry.com | US United States | Professional Services | Claimed | 11 months ago | |
| aetoscapitalasia.com | aetoscapitalasia.com | HK Hong Kong | Financial Services | Claimed | 12 months ago |
Affected countries(9)
Countries where this group has been reported to target or leak victims.