Widely attributed · Unknown
Diicot
Romanian-origin cryptomining threat group targeting Linux servers and cloud infrastructure using SSH brute-forcing. Named after the Romanian anti-terrorism police unit.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High · ≥ 3 Moderate · < 3 Low
1.4
Low signal strength
Mentions: 2
Sources: 1
High conf.: 1
Last seen: May 2026
First observed
—
Last active
—
Origin
Romania
Aliases
1
Techniques
0
Campaigns
0
Targets: Cloud, Technology
Regions: Global
Attribution signals
2 mentions · 1 source
#1 · high
Malware · TTP match · Code similarity
wiz-research
May 2026
#2 · linked to · moderate
TTP match · Victimology
wiz-research
May 2026
"the Wiz Threat Research team uncovered a malware campaign targeting Linux environments, linked to the Romanian-speaking Diicot threat group"
Hedge terms observed
linked to