Threat Group Profile
ms13089
Dormant / historical
Victim claims
1
First seen
May 2026
Last activity
05 May 2026
Tracked since
Dec 2025
Group overview
MS13089 is a newly emerged ransomware group (first observed December 2025) that named itself after a 2013 Microsoft Security Bulletin, claiming a handful of victims including a law firm, operating primarily as a double-extortion actor.
Preferred targets
Consumer Services Β· 1
Most targeted countries
US Β· 1