Secp0
Secp0 is a ransomware threat actor/variant first referenced in the provided content as emerging in March 2024, with additional reporting noting it was discovered in March 2025.
Profile source: Mallory opens in a new tabSecp0
Family profile
Secp0 is a ransomware threat actor/variant first referenced in the provided content as emerging in March 2024, with additional reporting noting it was discovered in March 2025. The content directly associates Secp0 with World Leaks, and World Leaks reporting lists known associations with Hive Ransomware, Secp0 Ransomware, and UNC6148. Lexfo is cited as analyzing Secp0’s introduction, which stated that it was “testing a solution to simplify the release of large datasets,” using World Leaks’ homegrown tools. Based on the provided content, Secp0 appears linked to data-leak and extortion activity associated with the World Leaks ecosystem. Through that association, relevant reported targeting includes industrial/manufacturing organizations, healthcare organizations, technology firms, and other organizations with valuable intellectual property, with many victims located in the United States and additional victims in Canada and Europe. The content does not provide high-confidence, actor-specific TTPs unique to Secp0 beyond its stated use of World Leaks’ tooling and its association with the World Leaks ecosystem.
Ransomware.live