Helldown
Ransomware Group Profile
Overview
Helldown is an aggressive ransomware group first documented in August 2024. It is known for exploiting Zyxel firewall vulnerabilities to gain initial access and for large-scale data exfiltration averaging 70 GB per victim. It targets IT services, telecommunications, manufacturing, and healthcare, primarily in the US.
Dark Web Infrastructure (4)
onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion
onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
www.helldown.org
onyxcb44xvqra35m3lp3z26kf2pxrlbn64nbzvyvzjyc3uykzrwcjdid.onion
Activity Timeline
First Seen: 2024
Last Seen: 2025
Leak Sites: 4