Main Menu

Threat Actors

GhostSec – From Hacktivist to Ransomware Warlord
Threat Actor
GhostSec – From Hacktivist to Ransomware Warlord
September 30, 2025
GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and high-impact double-extortion campaigns.
Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile
Threat Actor
Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile
September 25, 2025
This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock exploits Microsoft SharePoint vulnerabilities to ...
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Resources
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
August 28, 2025
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
News
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
August 28, 2025
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Crypto24 Ransomware: The Phantom Encryptor
Resources
Crypto24 Ransomware: The Phantom Encryptor
August 18, 2025
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal, encrypt, and leak sensitive data.
Charon Ransomware: Stealthy Cyber Extortion Syndicate
Resources
Charon Ransomware: Stealthy Cyber Extortion Syndicate
August 18, 2025
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing a severe threat to critical ...
APT28 / Fancy Bear: Russian State Sponsored APT
Threat Actors
APT28 / Fancy Bear: Russian State Sponsored APT
August 6, 2025
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical infrastructure.
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
Resources
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
August 4, 2025
DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal enterprise.
Lynx Ransomware: INC Ransomware Reincarnated
Resources
Lynx Ransomware: INC Ransomware Reincarnated
July 29, 2025
The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor to the INC ransomware group ...
Fog Ransomware: Data in the Mist
Resources
Fog Ransomware: Data in the Mist
July 24, 2025
Fog ransomware, a prolific and secretive threat actor, targets organizations globally, deploying sophisticated multi-stage attacks resulting in data encryption and exfiltration. Victims span various sectors. ...
Load More
Trending
UpCrypter Phishing Campaign Exploits Fake Emails to Deliver RAT Payloads
Deepfake Vishing Incidents Surge by 170% in Q2 2025
ClickFix Phishing Campaign Targets Booking.com Using Infostealers and RATs
Darcula PhaaS 3.0 Auto-Generates Phishing Kits for Any Brand
Sophisticated Gmail Attacks Target Users: FBI Issues “Do Not Click” Alert
This Facebook Phishing Attack Could Steal EVERYTHING!
What is a Whaling Phishing Attack?
Phishing Attacks on the Rise: Businesses Face Growing Cyberthreat
Email Spoofing 101: Understanding the Basics and How to Protect Your Enterprise Data
How AI is Revolutionizing Phishing Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.