A new case study from Ransom-ISAC reconstructs a complete data-extortion incident involving a U.S. government body and a threat actor called Kairos, using a leaked negotiation transcript and blockchain tracing of the ransom payment. The victim paid roughly $1 million in Bitcoin on June 13, 2025. The uncomfortable detail: Kairos has never been confirmed to have deployed ransomware at all.
“On 19 May 2025, a U.S. government entity was reportedly targeted by Kairos. Kairos later claimed the access was obtained through a brute-force credential attack. The entity was listed on Kairos’s victim site on 21 May 2025.” reads the report published by Ransom-ISAC.
“Rather than deploying encryption, Kairos appears to have focused on data exfiltration and public-exposure pressure. The group claimed to hold more than 1.6 million files — 1,602,775 files in total — and 2 TB of data before making contact.”
Read the rest of the story at SecurityAffairs.



