Cephalus

Ransomware Group Profile

Overview

Cephalus is a ransomware group active from mid-2025 that leverages stolen RDP credentials to deploy a Go-based ransomware payload via DLL sideloading, targeting law firms, healthcare, financial services, and IT firms across the US and Japan with 19 known victims.

Dark Web Infrastructure (2)

cephalus6oiypuwumqlwurvbmwsfglg424zjdmywfgqm4iehkqivsjyd.onion

46.17.42.64.

Activity Timeline

First Seen2025

Last Seen2025

Leak Sites2

Quick Actions

View All Groups Threat Actors

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001