TA505 G0092 unknown
aka TA505, Hive0065, Spandex Tempest, CHIMBORAZO
Last updated: 2026-07-03
- Attributed CVEs: 1
- ATT&CK techniques: 51
- IDF score (tooling uniqueness): 3.2
- Exclusive CVEs: 0
- Years active: 2026
About this actor
[TA505](https://attack.mitre.org/groups/G0092) is a cyber criminal group that has been active since at least 2014. [TA505](https://attack.mitre.org/groups/G0092) is known for frequently changing malware, driving global trends in criminal malware distribution, and ransomware campaigns involving [Clop](https://attack.mitre.org/software/S0611). (Citation: Proofpoint TA505 Sep 2017) (Citation: Proofpoint TA505 June 2018) (Citation: Proofpoint TA505 Jan 2019) (Citation: NCC Group TA505) (Citation: Korean FSI TA505 2020)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2026-21236 | 5.5 | 7.8 | 0.0042 | 2026-02-10 | see CVE |

T1027, T1027.002, T1027.010, T1027.013, T1055, T1055.001, T1059, T1059.001, T1059.003, T1059.005, T1059.007, T1069, T1071, T1071.001, T1078, T1078.002, T1087, T1087.003, T1105, T1106, T1112, T1140, T1204, T1204.001, T1204.002, T1218, T1218.007, T1218.011, T1486, T1552, T1552.001, T1553, T1553.002, T1553.005, T1555, T1555.003, T1559, T1559.002, T1566, T1566.001, T1566.002, T1568, T1568.001, T1583, T1583.001, T1588, T1588.001, T1588.002, T1608, T1608.001, T1685
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 35 / 51 | 69% |
| CM-6 | 30 / 51 | 59% |
| SI-3 | 27 / 51 | 53% |
| CM-2 | 26 / 51 | 51% |
| CM-7 | 22 / 51 | 43% |
| AC-6 | 21 / 51 | 41% |
| CA-7 | 20 / 51 | 39% |
| SC-7 | 18 / 51 | 35% |
| AC-3 | 17 / 51 | 33% |
| SI-2 | 17 / 51 | 33% |
| SI-7 | 17 / 51 | 33% |
| AC-2 | 16 / 51 | 31% |
| AC-4 | 15 / 51 | 29% |
| SI-10 | 13 / 51 | 25% |
| RA-5 | 12 / 51 | 24% |
Co-occurring actors
- Ke3chang: 1 shared CVE
- Threat Group-3390: 1 shared CVE
Similar actors
Similar TTPs
- LazyScripter 0.40
- Operation Spalax 0.39
- C0021 0.35
- WIRTE 0.35
- TA2541 0.35
Overlapping CVEs
- Ke3chang 1.00
- Threat Group-3390 0.20
Active in same years
- Operation Dream Job 1.00
- SolarWinds Compromise 1.00
- C0027 1.00
- SharePoint ToolShell Exploitation 1.00
- Ke3chang 1.00