Antibrok3Rs

Description

Antibrok3rs emerged as an access broker (not a ransomware operator itself) linked to the aftermath of the 2023 MOVEit supply-chain exploitation. From November 2024 through early 2025, this actor has posted stolen data from at least 15 energy-sector victims, including U.S. utilities such as CenterPoint Energy, Entergy, Nevada Energy, and Appalachian Power—data likely obtained via the MOVEit breach. While some analysts suspected ties to the Cl0P ransomware collective, Antibrok3rs publicly denied any such affiliation. The extortion model centers on data leakage without accompanying file encryption—a purely leak-based threat. No delivery, encryption, or ransom note behaviors have been observed, nor is there evidence of RaaS activity.

External Analysis
https://www.resecurity.com/blog/article/cyber-threats-against-energy-sector-surge-global-tensions-mount

Jabber
antibrok3rs@exploit.im

Session
05121c29f834249accced2af49ccba0e7462e559981be950f64fe98e9fb0deac7d

Tox
5C5724A6A618F5ECAA9E3D4E6A8213DD92146B4E68D3BB5D3C95AB685AFE67641F76D7538D1C

Other
Keybase:antibrok3rs
Telegram:AntiBrok3rs

Urls
Url                                   Status   Uptime 30d
http://antibrok3rs.ir/                Up       93%
http://antibrok3rs.bearblog.dev/      Up       97%
http://antibrok3rs.anonblogs.net/     Down     10%

Note