SETTRA is a ransomware/extortion threat actor observed in ransomware claims reporting and in a claimed compromise of Pi Mobile Technology, a subsidiary of Taiwan-based e-commerce company PChome Online. In week 26 of 2026, eCrime.ch recorded 11 SETTRA claims, noting the group was absent from the prior week’s ranking and entered directly at that activity level; the report also cautioned that such figures are self-announced by cybercriminal groups and are not formally validated. Separately, Taiwan News reported that Settra claimed it had compromised PChome’s systems and obtained internal documents and user data. PChome stated its preliminary review found no intrusion affecting its main website or core systems, so the claim remained under investigation. Based on the referenced reporting, techniques identified as relevant to the incident were T1078 (Valid Accounts) and T1530 (Data from Cloud Storage). No indicators of compromise or CVEs were provided in the content. Known alias in the provided content: Settra / SETTRA.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
Geographies tied to known operations.
2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Claimed a data breach against Pi Mobile Technology / PChome, alleging theft of internal documents and user data.
Ransomware group newly entering the ranking this week with 11 claimed victims.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.