antibrok3rs

ransomware group

Antibrok3rs emerged as an access broker (not a ransomware operator itself) linked to the aftermath of the 2023 MOVEit supply-chain exploitation. From November 2024 through early 2025, this actor has posted stolen data from at least 15 energy-sector victims, including U.S. utilities such as CenterPoint Energy, Entergy, Nevada Energy, and Appalachian Power—data likely obtained via the MOVEit breach. While some analysts suspected ties to the Cl0P ransomware collective, Antibrok3rs publicly denied any such affiliation. The extortion model centers on data leakage without accompanying file encryption—a purely leak-based threat. No delivery, encryption, or ransom note behaviors have been observed, nor is there evidence of RaaS activity.