U.S. Government Agency Paid $1M in Bitcoin to Data Extortion Group Kairos

A new case study from Ransom-ISAC reconstructs a complete data-extortion incident involving a U.S. government body and a threat actor called Kairos, using a leaked negotiation transcript and blockchain tracing of the ransom payment. The victim paid roughly $1 million in Bitcoin on June 13, 2025. The uncomfortable detail: Kairos has never been confirmed to have deployed ransomware at all.

“On 19 May 2025, a U.S. government entity was reportedly targeted by Kairos. Kairos later claimed the access was obtained through a brute-force credential attack. The entity was listed on Kairos’s victim site on 21 May 2025.” reads the report published by Ransom-ISAC.

“Rather than deploying encryption, Kairos appears to have focused on data exfiltration and public-exposure pressure. The group claimed to hold more than 1.6 million files — 1,602,775 files in total — and 2 TB of data before making contact.”

Read the rest of the story at SecurityAffairs.

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles