= Stargazer Goblin =

Stargazer Goblin is a threat actor, active since August 2022, that operates a network of over 3,000 inauthentic GitHub accounts known as the Stargazers Ghost Network. The network distributes malware (ransomware, infostealers), such as Atlantida Stealer and Rhadamanthys, and shares malicious links. It acts as a Distribution as a Service (DaaS).

Research has shown that Stargazer Goblin's operations include using open directories to share malware and stolen data, employing freely accessible resources as a strategy to evade detection. These open directories often contain malicious tools and compromised information, which are used to expand their reach and distribute malware. Analysis of their tactics, techniques, and procedures (TTPs) indicates potential overlaps with other threat actors, suggesting shared methods within the cybercriminal ecosystem.
