Cyber Resilience

Threat actor · all actors

BlackByteG1043 unknown

aka BlackByte, Hecamede

Last updated: 2026-07-03

3attributed CVEs
66ATT&CK techniques
12.9IDF score (tooling uniqueness)
3exclusive CVEs
2019–2026years active

About this actor

[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used a common encryption key allowing for the development of a universal decryptor, but subsequent versions such as [BlackByte 2.0 Ransomware](https://attack.mitre.org/software/S1181) use more robust encryption mechanisms. [BlackByte](https://attack.mitre.org/groups/G1043) is notable for operations targeting critical infrastructure entities among other targets across North America.(Citation: FBI BlackByte 2022)(Citation: Picus BlackByte 2022)(Citation: Symantec BlackByte 2022)(Citation: Microsoft BlackByte 2023)(Citation: Cisco BlackByte 2024)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2019-16098 8.07.80.77762019-09-11see CVE
CVE-2026-4368 5.57.70.03622026-03-23see CVE
CVE-2049-16098 0.00.00.0000see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-444 / 6667%
CM-639 / 6659%
AC-637 / 6656%
AC-336 / 6655%
AC-233 / 6650%
CM-233 / 6650%
CM-732 / 6648%
SI-330 / 6645%
AC-526 / 6639%
CM-524 / 6636%
IA-224 / 6636%
SI-723 / 6635%
CA-721 / 6632%
SC-720 / 6630%
AC-416 / 6624%

Co-occurring actors

None.

Similar actors