Cyber Resilience

Threat actor · all actors

Water GaluraG1050 unknown

aka Water Galura, GOLD FEATHER

Last updated: 2026-07-03

0attributed CVEs
4ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Water Galura](https://attack.mitre.org/groups/G1050) are the operators of the [Qilin](https://attack.mitre.org/software/S1242) Ransomware-as-a-Service (RaaS) who handle payload generation, ransom negotiations, and the publication of stolen data for [Qilin](https://attack.mitre.org/software/S1242) affilates recruited on Russian cybercrime forums. [Water Galura](https://attack.mitre.org/groups/G1050) have been active since at least 2022 and use a double extortion model where they demand payment for providing decryption keys and for refraining from publishing the stolen data to their leak site.(Citation: BushidoToken Qilin RaaS JUN 2024)(Citation: Sophos Qilin MSP APR 2025)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
AC-62 / 450%
AC-31 / 425%
AC-51 / 425%
CM-21 / 425%
CP-101 / 425%
CP-21 / 425%
CP-61 / 425%
CP-71 / 425%
CP-91 / 425%
SI-31 / 425%
SI-41 / 425%
SI-71 / 425%

Co-occurring actors

None.

Similar actors

Similar TTPs