RA World is a ransomware group. In the provided reporting, it is identified as one of the ransomware groups targeting Korean companies, with activity noted in 2023 as part of a broader increase in ransomware attacks against South Korean organizations. The content also notes suspected links between some ransomware operations and Chinese cyber-espionage activity, specifically citing RA World for using PlugX; this is presented as a suspected linkage, not a confirmed attribution. Reported tooling associated with RA World in the provided content includes PlugX and Impacket. The content also references exploitation of PAN-OS vulnerability CVE-2024-0012 in the context of ransomware operations suspected to be linked to Chinese cyber-espionage groups, including RA World. No additional confirmed aliases or sub-groups are provided beyond RA World.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
RA World is a ransomware group that targeted Korean companies in 2023 as part of a surge in ransomware activity in Asia.
Ransomware operation suspected (in this text) to have linkage to Chinese cyber-espionage; associated with PlugX usage, offensive tooling, and exploitation of PAN-OS.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.