🧟‍♂️

KryptonZambie

Aliases

Barboza, robinhouse0xc4, krpzambie0xc4, robinFlexSnow, Robinhouse (telegram channel), @KryptonZambie (telegram channel), @Zshadow88606863 (Twitter account), CyberBlackMouse (Facebook account)

Tags

Mercenary

Attribution

💰Cybercrime

Incidents

Pure Incubation (DemandScience) BreachCutout.Pro Breach

References

https://cybelangel.com/pure-incubation-ventures-leak-threat-note/ https://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-leaks-records-of-20-million-users-of-ai-visual-creation-platform-onlinehttps://therecord.media/philippines-hacktivist-groups-misinformation-china-tensionshttps://foresiet.com/blog/unveiling-the-kryptonzambie-leak-of-pureb2b-co-uk-databasehttps://www.resecurity.com/blog/article/misinformation-and-hacktivist-campaigns-target-the-philippines-amidst-rising-tensions-with-china

Last edited

Jan 14, 2025 5:02 PM

Status

Finalized

Cloud-fluent

Targeted geography

United States/North AmericaIndia

KryptonZambie is a cyber threat actor group that has been observed engaging in malicious cyber activities. The group is known for its activities that included breaching organizations and selling stolen data. Some of their notable victims include:

Pure Incubation (DemandScience) Breach
Cutout.Pro Breach

The group’s primary objective appears to be financial gain, as they publicly release and offer their victims' data for sale.

In an unusual case, KryptonZambie (along with other threat groups) has been involved in spreading fabricated narratives about the theft of Philippine citizens' data, seemingly as part of a broader cyber campaign.

Who is behind KryptonZambie?

A threat actor using the same alias, Krypton Zambie, previously ran a Vietnamese-language information security blog 📖 (now taken down) hosted on WordPress (https://hackerzambie.wordpress[.]com/author/kryptonzambie/). The blog's last posts were from 2021 and focused on topics like cybersecurity, penetration testing, and anonymization, which suggest the author has hands-on experience in these areas.

The blog also featured posts about exploiting vulnerabilities in applications, such as Remote File Inclusion (RFI), Local File Inclusion (LFI), and SQL injection, indicating that the actor is skilled in malicious code, bypassing antivirus/EDR systems, database attacks, and vulnerability exploitation.

Interestingly, some of KryptonZambie's blog posts overlapped with the activities of a ransomware group called RobinHouse, hinting at possible links between the two.