Tengu

Ransomware Group Profile

Overview

Tengu is a RaaS operation first observed in October 2025, following a double-extortion model and using Living Off The Land Binaries (LOLBins) to blend malicious activity with normal admin traffic, primarily targeting consumer goods, real estate, automotive, healthcare, and IT sectors.

Dark Web Infrastructure (7)
fuvodyoktsjdwu3mrbbrmdsmtblkxau6l7r5dygfwgzhf36mabjtcjad.onion.
longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion
longejh5gj5igfinj36rmqt2ydx2vun6zmditi3ij6hebawnn4xucqad.onion
longf6faa6tiudn5n6ar77z5balign2cxo2tjfsxuf6wnlzjamqew2yd.onion
longhbqhzlv3p7tvx3iwhfizkmtkm2nhnlbw5d4qr65wjz5e6aa23mid.onion
longjr5sl6a57ajn52nysmvgobmb7lktjthssmt2jeyjagk3rw36djyd.onion
longvqprqrb4zbxooswz4upefhtikhnyqv4gw4fkzpkc2wjpvxsucwid.onion
Activity Timeline
First Seen2025
Last Seen2026
Leak Sites7
Quick Actions
View All GroupsThreat Actors
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001