#284
ALP-001
Ransomware
ALP-001 is a financially motivated ransomware group that first emerged in March 2026. Initially operating as an Initial Access Broker, the group strategically expanded its operations to include direct extortion, signifying a shift from selling network access to leveraging it for ransomware activities. ALP-001 operates a Tor-based data leak site where it publishes exfiltrated data, although the group has been noted for potentially using questionable or fabricated leak claims, sometimes involving publicly available or misconfigured data, to pressure large enterprises. This behavior suggests an opportunistic and potentially unreliable operational model.
IQ18 victims
First seen: 2026-03-21
Last seen: 2026-04-08
Target Countries
United Arab Emirates; Argentina; Austria; Belgium; Brazil; Canada; Switzerland; China; Cuba; Czech Republic; Germany; Spain; France; United Kingdom; Hungary; Israel; India; Italy; Japan; Korea, Republic of; Morocco; Martinique; Mexico; Netherlands; New Zealand; Poland; Slovakia; Ukraine; United States; Kosovo
Target Sectors
Food Manufacturing; Other Information Services; Software Publishers; Accommodation; Manufacturing; Construction; Electrical Equipment, Appliance, and Component Manufacturing; Public Administration; Wholesale Trade; Data Processing Services; Internet Publishing; Space & Defense; Energy & Utilities; Motion Picture and Video Production; All Other Information Services; Computer Systems Design and Related Services; Publishing Services; Accommodation&Food Services; Mining; Telecommunications; Transportation&Warehousing; Retail; Agriculture&Forestry; Electrical&Electronical Manufacturing; Information Services; Computer Design & Services; Banking; Other; Finance; Professional&Technical Services; HealthCare & Social Assistance; Arts & Entertainment; Hardware Manufacturing; National Security; Offices of Lawyers; Computer Systems Design Services