Cyber Resilience


Windigo G0124 unknown

aka Windigo

Last updated: 2026-07-03

0 attributed CVEs
7 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

The [Windigo](https://attack.mitre.org/groups/G0124) group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the [Ebury](https://attack.mitre.org/software/S0377) SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, [Windigo](https://attack.mitre.org/groups/G0124) operators continued updating [Ebury](https://attack.mitre.org/software/S0377) through 2019. (Citation: ESET Windigo Mar 2014) (Citation: CERN Windigo June 2019)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVE | Risk | CVSS | EPSS | Published | Products
No attributed CVEs.

Mitigating controls (NIST 800-53)

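| Control | Techniques covered | Coverage |
|---------|--------------------|----------|
| SI-3 | 4 / 7 | 57% |
| SI-4 | 4 / 7 | 57% |
| AC-3 | 3 / 7 | 43% |
| AC-6 | 3 / 7 | 43% |
| CA-7 | 3 / 7 | 43% |
| CM-2 | 3 / 7 | 43% |
| CM-6 | 3 / 7 | 43% |
| AC-2 | 2 / 7 | 29% |
| AC-4 | 2 / 7 | 29% |
| CM-7 | 2 / 7 | 29% |
| CM-8 | 2 / 7 | 29% |
| SC-18 | 2 / 7 | 29% |
| SC-7 | 2 / 7 | 29% |
| SI-10 | 2 / 7 | 29% |
| SI-2 | 2 / 7 | 29% |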

Co-occurring actors

None.

Similar actors

Similar TTPs