Orion

Ransomware Group Profile

Overview

Orion is a ransomware operation first observed in October 2025 that listed 13 alleged victims on a dark web leak site across financial services, manufacturing, and healthcare, though analysts determined its victim list was recycled from prior LockBit and BlackCat disclosures rather than fresh compromises.

Dark Web Infrastructure (1)
cjfntkj5qeizxowuy3srceg7zo6namc3kfeor7pfn6bpdkl3w265ooid.onion
Activity Timeline
First Seen2026
Last Seen2026
Leak Sites1
Quick Actions
View All GroupsThreat Actors
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001