SGL Actor

Also known as: SGL Actor

Introduction

SGL is a username used by a threat actor on the XSS cybercriminal forum. The actor was observed attempting to sell access to allegedly compromised corporate network VPN gateways and RDP software.[Resecurity Remote Access Compromise March 13 2024][CYJAX 2024 Year in Review January 29 2025]

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • RemoteCMD
  • CyberGate
  • Cyber Eye RAT
  • Remote Utilities
  • RemotePC

Attribution and Evidence

Information pending cataloguing.

References

[1] Resecurity Remote Access Compromise March 13 2024
[2] CYJAX 2024 Year in Review January 29 2025