0APT and KryBit mutual operational data leak
Data Leak
Summary
Hide ▲
Show ▼
The 0APT and KryBit ransomware groups are in a live data leak fight that exposed internal operator records, victim negotiation data, and core infrastructure files. One leak revealed KryBit’s administrator panel and related operational details, while the retaliation exposed 0APT’s access logs, PHP source code, and system files. The disclosures matter because they can undercut trust in both groups, show fabricated victim claims, and force infrastructure rotation. The mutual leaks also point to operational disruption that could slow both crews’ extortion activity.
Related Happenings
0APT and KryBit ransomware turf war forces rebuild and rebrand pressure
Threat Actor Meta
First: 28.04.2026 16:00
Last: 28.04.2026 16:00
Sources 1
How related:
“Due to the extensive leaks of both KryBit and 0APT, the operators will likely have to rebuild, rebrand, and spin up new infrastructure over the next few weeks to months to remain active,”
About this happening:
**0APT** and **KryBit** escalated a ransomware turf war in **April 2026** by leaking each other's operational data, defacing leak sites, and exposing infrastructure details that u...
0APT and KryBit ransomware turf war forces rebuild and rebrand pressure
Threat Actor MetaHow related: “Due to the extensive leaks of both KryBit and 0APT, the operators will likely have to rebuild, rebrand, and spin up new infrastructure over the next few weeks to months to remain active,”
About this happening: **0APT** and **KryBit** escalated a ransomware turf war in **April 2026** by leaking each other's operational data, defacing leak sites, and exposing infrastructure details that u...
Akira group rapid double-extortion ransomware activity
Malware Activity
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Akira group rapid double-extortion ransomware activity
Malware ActivityAbout this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Askul records leak tied to RansomHouse ransomware attack
Data Leak
First: 16.12.2025 01:13
Last: 16.12.2025 01:13
Sources 1
About this happening:
The **Askul Corporation** data leak now matters because **RansomHouse** stole about **740,000 records** from the company’s **October** ransomware attack, expanding the blast radiu...
Askul records leak tied to RansomHouse ransomware attack
Data LeakAbout this happening: The **Askul Corporation** data leak now matters because **RansomHouse** stole about **740,000 records** from the company’s **October** ransomware attack, expanding the blast radiu...
Timeline
-
28.04.2026 16:00 2 articles · 29d ago
0APT and KryBit trade leaked operational data
Technical Analysis Update0APT’s leak site targets KryBit, RansomHouse, and Everest Group, and KryBit responds by stealing data from 0APT and defacing the 0APT leak site. The leaked material exposes KryBit’s primary operators, affiliates, victim negotiation data, and 20 potential victims, while 0APT’s access logs, PHP source code, and system files show that the group’s claimed 190+ victims from January 2026 were fabricated; both groups are described as likely needing to rebuild or rotate leaked infrastructure components to remain active.
Show sources
- Ransomware Turf War as 0APT and KryBit Groups Trade Blows — www.infosecurity-magazine.com — 28.04.2026 16:00
- Ransomware Turf War as 0APT and KryBit Groups Trade Blows — www.infosecurity-magazine.com — 28.04.2026 16:00