A single hacker has wreaked havoc across global industries, penetrating the digital fortresses of more than 50 major organizations. Operating under the aliases “Zestix” and “Sentap,” this lone wolf has managed to breach aerospace companies, government agencies, healthcare systems, and airlines since 2021. Pretty impressive for someone working solo, right?
The hacker’s method wasn’t particularly sophisticated. They relied on basic infostealers like RedLine and Vidar to harvest credentials from infected computers. These stolen logins—VPN, email, file-sharing accounts—became keys to corporate kingdoms. Most companies made it embarrassingly easy by not having multi-factor authentication. Cybersecurity 101, people!
Once inside, this digital burglar helped themselves to whatever looked valuable. Customer PII, employee records, intellectual property, source code—nothing was off-limits. The Iberia airline breach alone involved 77 GB of data that sold for $150,000. Not bad for a day’s work.
The hacker particularly favored collaboration platforms like ShareFile and Nextcloud as entry points. These services were perfect targets—lots of important data concentrated in one spot with minimal friction. The breached systems frequently contained contracts, engineering designs, legal files, and financial documents. Basically, everything a company doesn’t want leaked. The trend of targeting these platforms mirrors what we saw in the January 2026 Ledger Leak where customer data was exposed through an e-commerce partner rather than direct systems.
Underground markets know this hacker as a “reliable access broker.” They’ve built a business model combining direct data sales, access-as-a-service, and extortion opportunities. Their victims span industries critical to national security and economic stability. Major corporations including Deloitte, Samsung, and Walmart were among those affected by these breaches.
Despite operating mostly alone, “Zestix/Sentap” plugged into the broader credential-stealer ecosystem, purchasing infostealer logs from underground marketplaces when needed. They’ve kept a low profile by using multiple handles and forums to reduce traceability.
The campaign highlights a disturbing reality: even lone hackers can cause widespread damage when companies neglect basic security measures. In an age of sophisticated nation-state threats, sometimes it’s just one person with a laptop causing all the trouble.
