Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 12:43:14 UTC
 Other threat group: Achilles
Names Achilles (AdvIntel)
Country [Unknown]
Motivation Financial crime
First seen 2018
Description
This actor may be related to Iridium.
(AdvIntel) “Achilles” is an English-speaking threat actor primarily operating on
various English-language underground hacking forums as well as through secure
messengers. Achilles specializes in obtaining accesses to high-value corporate
internal networks.
On May 4, 2019, Achilles claimed to have access to UNICEF network as well as
networks of several high-profile corporate entities. They were able to provide
evidence of their presence within the UNICEF network and two private sector
companies. It is noteworthy that they provided access to networks at a relatively low
price range of $5,000 USD to $2,000 USD.
The majority of Achilles offers are related to breaches into multinational corporate
networks via external VPN and compromised RDPs. Targets include private
companies and government organizations, primarily in the British Commonwealth.
Achilles has been particularly active on forums through the last seven months, with
rising spikes in activities in Fall 2018 and Spring 2019.
Observed
Sectors: Defense, Government and private sectors.
Countries: Australia, UK, USA.
Tools used RDP.
Operations performed Oct 2018
Breach of Navy shipbuilder Austal
<https://www.abc.net.au/news/2018-11-13/iranian-hackers-suspected-in-austal-cyber-breach/10489310>
Information <https://www.advanced-intel.com/blog/achilles-hacker-behind-attacks-on-military-shipbuilders-unicef-international-corporations>
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8881870a-4b54-4525-b455-45bb7c045fb5
Page 1 of 2

Last change to this card: 15 April 2020
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8881870a-4b54-4525-b455-45bb7c045fb5
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=8881870a-4b54-4525-b455-45bb7c045fb5
Page 2 of 2