Threat Actors

BlackSuit (Royal) Ransomware: Conti Ransomware Reborn
Resources
BlackSuit (Royal) Ransomware: Conti Ransomware Reborn
BlackSuit, formerly Royal, is a sophisticated ransomware group using multi-vector attacks, partial encryption, and double extortion to target global organizations, including critical infrastructure. Their operations ...
INC Ransom: Master of Double Extortion
Ransomware
INC Ransomware: Master of Double Extortion
INC Ransomware is a sophisticated and relatively new cybercriminal group known for its targeted ransomware attacks against corporate and organizational networks. They exhibit a high ...
Scattered Spider: A Web of Social Engineering
Resources
Scattered Spider: A Web of Social Engineering
Scattered Spider, also known as UNC3944, is a financially motivated cybercriminal group known for its sophisticated social engineering tactics and ability to navigate cloud environments.
APT40: Chinese State Sponsored APT
Resources
APT40: Chinese State Sponsored APT
APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423, TEMP.Jumper, and TEMP.Periscope, is an ...
GhostSec: From Hacktivist Roots to RaaS Powerhouse
Resources
GhostSec: From Hacktivist Roots to RaaS Powerhouse
GhostSec evolved from anti-ISIS hacktivists into a global ransomware threat, deploying GhostLocker via RaaS and targeting critical infrastructure with sophisticated, multi-stage infiltration tactics.
Sodinokibi/REvil Ransomware: The Evasive Threat
Threat Actor
Sodinokibi/REvil Ransomware: The Evasive Threat
Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April ...
Qilin Ransomware Tactics, Techniques, Procedures and Mitigation
Blog
Qilin Ransomware: Tactics, Techniques, Procedures and Mitigation
Qilin ransomware, a potent threat emerging in 2022, has rapidly gained notoriety. This blog post delves into its advanced tactics, techniques, and procedures (TTPs), providing ...
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Resources
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Evil Corp, a prolific Russian cybercrime syndicate, deploys sophisticated malware and ransomware, targeting diverse sectors globally, including healthcare and finance, for financial gain and potential ...
Everest Ransomware: Data Extortionist Turned Initial Access Broker
Resources
Everest Ransomware: Data Extortionist Turned Initial Access Broker
Everest ransomware, active since 2020, evolved from data extortion and ransomware to primarily acting as an Initial Access Broker (IAB), targeting healthcare providers.
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
Resources
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
Vice Society, a prolific RaaS group, preys on schools and other institutions, deploying readily available ransomware and threatening data leaks unless ransoms are paid. Their ...