Threat Actors

Crypto24 Ransomware: The Phantom Encryptor
Resources
Crypto24 Ransomware: The Phantom Encryptor
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal, encrypt, and leak sensitive data.
Charon Ransomware: Stealthy Cyber Extortion Syndicate
Resources
Charon Ransomware: Stealthy Cyber Extortion Syndicate
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing a severe threat to critical ...
APT28 / Fancy Bear: Russian State Sponsored APT
Threat Actors
APT28 / Fancy Bear: Russian State Sponsored APT
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical infrastructure.
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
Resources
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal enterprise.
Lynx Ransomware: INC Ransomware Reincarnated
Resources
Lynx Ransomware: INC Ransomware Reincarnated
The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor to the INC ransomware group ...
Fog Ransomware: Data in the Mist
Resources
Fog Ransomware: Data in the Mist
Fog ransomware, a prolific and secretive threat actor, targets organizations globally, deploying sophisticated multi-stage attacks resulting in data encryption and exfiltration. Victims span various sectors. ...
Termite Ransomware: The Silent Invader
Resources
Termite Ransomware: The Silent Invader
Termite ransomware, active since at least late 2024, targets high-profile organizations. Recent victims include Blue Yonder and Zschimmer & Schwarz, highlighting its broad reach and ...
SafePay Ransomware: LockBit’s Lonewolf Ghost
Resources
SafePay Ransomware: LockBit’s Lonewolf Ghost
SafePay is a centralized ransomware group leveraging LockBit-derived code, stealthy infiltration, and rapid encryption—targeting SMEs and MSPs globally without using affiliates or public channels.
Scattered Spider: What You Know About It and What You Don’t
Blog
Scattered Spider: The Threat You Think You Know
Scattered Spider isn’t a single group but a sprawling web of identity-based attackers exploiting help desks, MFA gaps, and cloud admin tools to breach enterprises. ...
Anubis Ransomware: A Destructive, Cross-Platform Threat
Resources
Anubis Ransomware: A Destructive, Cross-Platform Threat
Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns across multiple industries.