Threat Actors

Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Resources
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Evil Corp, a prolific Russian cybercrime syndicate, deploys sophisticated malware and ransomware, targeting diverse sectors globally, including healthcare and finance, for financial gain and potential ...
Everest Ransomware: Data Extortionist Turned Initial Access Broker
Resources
Everest Ransomware: Data Extortionist Turned Initial Access Broker
Everest ransomware, active since 2020, evolved from data extortion and ransomware to primarily acting as an Initial Access Broker (IAB), targeting healthcare providers.
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
Resources
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
Vice Society, a prolific RaaS group, preys on schools and other institutions, deploying readily available ransomware and threatening data leaks unless ransoms are paid. Their ...
KillSec: Hacktivists Turned RaaS Syndicate
Resources
KillSec: Hacktivists Turned RaaS Syndicate
KillSec, a Russia-linked RaaS group, targets healthcare and finance, leveraging OSINT and affiliates for extortion, showing a preference for Asian victims over Western ones.
Qilin/Agenda Ransomware: The Credential Stealers
Resources
Qilin/Agenda Ransomware: The Credential Stealers
Overview The Qilin ransomware group, also known as Agenda, is a Russia-based ransomware-as-a-service (RaaS) operation active since at least July ...
BianLian Ransomware: Shadow Data Extortion Group
Resources
BianLian Ransomware: Shadow Data Extortion Group
The BianLian ransomware group represents a significant and growing threat to organizations worldwide. Operating with precision and stealth, they have targeted critical infrastructure and private ...
Trinity Ransomware: The Enigma of the .trinitylock
Resources
Trinity Ransomware: The Enigma of the .trinitylock
Overview: Known Aliases of Trinity Ransomware: Trinity Ransomware. Possible links to 2023Lock and Venus ransomware, implying potential shared infrastructure or ...
Akira Ransomware: The Extortion Ghost in a Shell
Resources
Akira Ransomware: The Extortion Ghost in a Shell
Akira has targeted a range of organizations, including universities (Stanford), major IT service providers (Tietoevry), and numerous businesses across various sectors. Critical infrastructure, including healthcare ...
Hunters International Ransomware: Hive Ransomware Ressurected
Resources
Hunters International Ransomware: Hive Ransomware Ressurected
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in October 2023, following the disruption of the Hive ransomware group. They've conducted over 200 attacks ...
Rhysida Ransomware: The Silent Serpent
ransomware
Rhysida Ransomware: The Silent Serpent
Rhysida Ransomware Threat Actor Profile