Threat Actors

Scattered Spider: What You Know About It and What You Don’t
Blog
Scattered Spider: The Threat You Think You Know
Scattered Spider isn’t a single group but a sprawling web of identity-based attackers exploiting help desks, MFA gaps, and cloud admin tools to breach enterprises. ...
Anubis Ransomware: A Destructive, Cross-Platform Threat
Resources
Anubis Ransomware: A Destructive, Cross-Platform Threat
Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns across multiple industries.
BlackSuit (Royal) Ransomware: Conti Ransomware Reborn
Resources
BlackSuit (Royal) Ransomware: Conti Ransomware Reborn
BlackSuit, formerly Royal, is a sophisticated ransomware group using multi-vector attacks, partial encryption, and double extortion to target global organizations, including critical infrastructure. Their operations ...
INC Ransom: Master of Double Extortion
Ransomware
INC Ransomware: Master of Double Extortion
INC Ransomware is a sophisticated and relatively new cybercriminal group known for its targeted ransomware attacks against corporate and organizational networks. They exhibit a high ...
Scattered Spider: A Web of Social Engineering
Resources
Scattered Spider: A Web of Social Engineering
Scattered Spider, also known as UNC3944, is a financially motivated cybercriminal group known for its sophisticated social engineering tactics and ability to navigate cloud environments.
APT40: Chinese State Sponsored APT
Resources
APT40: Chinese State Sponsored APT
APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423, TEMP.Jumper, and TEMP.Periscope, is an ...
GhostSec: From Hacktivist Roots to RaaS Powerhouse
Resources
GhostSec: From Hacktivist Roots to RaaS Powerhouse
GhostSec evolved from anti-ISIS hacktivists into a global ransomware threat, deploying GhostLocker via RaaS and targeting critical infrastructure with sophisticated, multi-stage infiltration tactics.
Sodinokibi/REvil Ransomware: The Evasive Threat
Threat Actor
Sodinokibi/REvil Ransomware: The Evasive Threat
Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April ...
Qilin Ransomware Tactics, Techniques, Procedures and Mitigation
Blog
Qilin Ransomware: Tactics, Techniques, Procedures and Mitigation
Qilin ransomware, a potent threat emerging in 2022, has rapidly gained notoriety. This blog post delves into its advanced tactics, techniques, and procedures (TTPs), providing ...
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Resources
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
Evil Corp, a prolific Russian cybercrime syndicate, deploys sophisticated malware and ransomware, targeting diverse sectors globally, including healthcare and finance, for financial gain and potential ...