Threat Group Profile
nightspire
โ Active โ last 30 days
Victim claims
58
First seen
Apr 2026
Last activity
06 Jul 2026
Tracked since
Mar 2025
Group overview
NightSpire is a ransomware group that first emerged in March 2025 and rapidly claimed over 250 victims across retail, manufacturing, healthcare, finance, and education sectors in the US, France, India, Taiwan, and Japan, using aggressive double-extortion with ransom deadlines as short as two days.
Preferred targets
Business Services ยท 7
Consumer Services ยท 6
Healthcare ยท 6
Manufacturing ยท 6
Hospitality and Tourism ยท 4
Financial Services ยท 3
Most targeted countries
US ยท 21
EG ยท 4
FR ยท 2
PY ยท 1
ZW ยท 1
IT ยท 1
Tactics & techniques (MITRE ATT&CK)
Initial Access
Valid Accounts
Brute Force
Exploit Public-Facing Application
Phishing
Execution
Command and Scripting Interpreter
Software Deployment Tools
Persistence
Scheduled Task/Job
Create Account
Boot or Logon Autostart Execution
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Privilege Escalation
Exploitation for Privilege Escalation
Defense Evasion
Obfuscated Files or Information
Masquerading
Indicator Removal
System Binary Proxy Execution
Credential Access
OS Credential Dumping
OS Credential Dumping: LSASS Memory
Unsecured Credentials
Discovery
Network Service Discovery
Process Discovery
System Information Discovery
File and Directory Discovery
Lateral Movement
Remote Services: Remote Desktop Protocol
Remote Services: SMB/Windows Admin Shares
Windows Management Instrumentation