Threat Actors

Sodinokibi/REvil Ransomware: The Evasive Threat
Threat Actor
Sodinokibi/REvil Ransomware: The Evasive Threat
Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April ...
Qilin Ransomware Tactics, Techniques, Procedures and Mitigation
Blog
Qilin Ransomware: Tactics, Techniques, Procedures and Mitigation
Qilin ransomware, a potent threat emerging in 2022, has rapidly gained notoriety. This blog post delves into its advanced tactics, techniques, and procedures (TTPs), providing ...
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Resources
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Evil Corp, a prolific Russian cybercrime syndicate, deploys sophisticated malware and ransomware, targeting diverse sectors globally, including healthcare and finance, for financial gain and potential ...
Everest Ransomware: Data Extortionist Turned Initial Access Broker
Resources
Everest Ransomware: Data Extortionist Turned Initial Access Broker
Everest ransomware, active since 2020, evolved from data extortion and ransomware to primarily acting as an Initial Access Broker (IAB), targeting healthcare providers.
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
Resources
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
Vice Society, a prolific RaaS group, preys on schools and other institutions, deploying readily available ransomware and threatening data leaks unless ransoms are paid. Their ...
KillSec: Hacktivists Turned RaaS Syndicate
Resources
KillSec: Hacktivists Turned RaaS Syndicate
KillSec, a Russia-linked RaaS group, targets healthcare and finance, leveraging OSINT and affiliates for extortion, showing a preference for Asian victims over Western ones.
Qilin/Agenda Ransomware: The Credential Stealers
Resources
Qilin/Agenda Ransomware: The Credential Stealers
Overview The Qilin ransomware group, also known as Agenda, is a Russia-based ransomware-as-a-service (RaaS) operation active since at least July ...
BianLian Ransomware: Shadow Data Extortion Group
Resources
BianLian Ransomware: Shadow Data Extortion Group
The BianLian ransomware group represents a significant and growing threat to organizations worldwide. Operating with precision and stealth, they have targeted critical infrastructure and private ...
Trinity Ransomware: The Enigma of the .trinitylock
Resources
Trinity Ransomware: The Enigma of the .trinitylock
Overview: Known Aliases of Trinity Ransomware: Trinity Ransomware. Possible links to 2023Lock and Venus ransomware, implying potential shared infrastructure or ...
Akira Ransomware: The Extortion Ghost in a Shell
Resources
Akira Ransomware: The Extortion Ghost in a Shell
Akira has targeted a range of organizations, including universities (Stanford), major IT service providers (Tietoevry), and numerous businesses across various sectors. Critical infrastructure, including healthcare ...