Kelvin Security

Description

Kelvin Security is a cybercrime group active since at least 2013, primarily known for hacktivism, data breaches, and website defacements rather than traditional ransomware operations. The group has claimed responsibility for intrusions targeting government agencies, educational institutions, and private companies across multiple regions, including Latin America, Europe, and the Middle East. While it has engaged in data theft and leak threats, there is no confirmed evidence that Kelvin Security operates a ransomware encryption component. Instead, their extortion model focuses on stealing sensitive data and threatening public disclosure, often publicizing breaches via social media and underground forums. The group’s activities have been linked to politically motivated campaigns as well as financially motivated breaches. Victim selection appears opportunistic, exploiting vulnerabilities in web servers, poorly configured databases, and exposed credentials.

External Analysis
https://www.hackread.com/kelvin-security-hacks-30-govt-universities/
https://cybernews.com/news/kelvin-security-claims-data-breach-on-european-govt-agencies/
https://securityaffairs.com/129992/hacktivism/kelvin-security-group-claims-breaches.html
Urls
https://kelvinsecteamcyber.wixsite.com/my-site/items