ExtaseHunters

ExtaseHunters is a threat actor identified in reporting on an alleged breach of ANTS (Agence Nationale des Titres Securises), now branded France Titres, a French government agency responsible for secure identity documents and legal titles. In the cited incident, EvilDump, ExtaseHunters, and Breach3d were named as the actors behind the alleged compromise, with the post specifically crediting ExtaseHunters and Breach3d as collaborators while EvilDump made the sale post. The actors claimed to possess and offer for sale a database containing 18 million records. The allegedly stolen data included highly sensitive citizen identity information such as full legal names, usage or maiden names, email addresses, verified mobile numbers, dates and places of birth, physical addresses, internal identifiers, government certification status, professional status, and gender/civil title fields. Reported indicators in the sample, including sequential internal IDs and a "certifie" field indicating government-verified identities, were presented as evidence of a structured database extraction. The incident was characterized as a critical government-sector data breach. ATT&CK techniques explicitly mapped in the source content were T1190 (Exploit Public-Facing Application), T1213 (Data from Information Repositories), T1567 (Exfiltration Over Web Service), T1078 (Valid Accounts), and T1657 (Financial Theft). Known associated actors/aliases mentioned in the content are EvilDump and Breach3d. No additional attribution, sub-groups, or nation-state linkage is provided in the available content.