| ID | Votes | Profile Description |
|---|---|---|
| Hive | 12 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
| Blackmatter | 8 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| Blackcat Ransomware Group | 7 | The BlackCat ransomware group, also known as APLHV, is a malware collective that has been active since November 2021. As a Ransomware-as-a-Service group, they specialize in exploiting computer systems and holding data hostage for ransom. The group has targeted computer networks of more than 1,000 vi |
| DarkSide | 7 | DarkSide is a notable threat actor that emerged in the cybersecurity landscape with its advanced ransomware operations. In 2021, the group gained significant attention for its attack on the United States' largest oil pipeline, Colonial Pipeline, causing a temporary halt to all operations for three d |
| Noberus | 5 | Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating fr |
| Trigona | 5 | Trigona, a malware identified in 2022, emerged as a significant ransomware threat. This malicious software, designed to exploit and damage computer systems, infected devices through suspicious downloads, emails, or websites. The malware was particularly notorious for targeting Microsoft SQL servers, |
| Sphynx | 5 | Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV Blackcat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and add |
| FIN8 | 4 | FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. |
| NoEscape | 4 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las |
| Blacksuit | 3 | BlackSuit is a malicious software (malware) that was introduced in May 2023, believed to be a rebranding of the Royal ransomware operation, which itself was a branch of the now-defunct Conti ransomware operation. Various sources have reported similarities in code between Royal and BlackSuit, further |
| BlackCat | 3 | BlackCat, also known as Alphv, is a Russian-based ransomware-as-a-service group that has recently targeted organizations in the healthcare and academic sectors. Lehigh Valley Health Network (LVHN), which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, repo |
| Black Cat | 3 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware |
| Lockbit Black | 2 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The |
| Gold Blazer | 1 | GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors are |
| Oktapus | 1 | Oktapus, a threat actor also known as Scattered Spider, Scatter Swine, and Muddled Libra, has been identified as a significant cybersecurity risk due to its sophisticated phishing campaigns. The group first gained notoriety in 2022 when it launched the Oktapus phishing campaign, targeting employees |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lockbit | is related to | 18 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Conti | Is from | 8 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Akira | Unspecified | 8 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow |
| Blackbasta | Unspecified | 7 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho |
| REvil | is related to | 7 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Black Basta | Unspecified | 5 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Ragnar Locker | Unspecified | 4 | Ragnar Locker is a type of malware, specifically a ransomware, that has been designed to infiltrate computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites and once inside, it has the capability to steal personal information, disru |
| AvosLocker | Unspecified | 4 | AvosLocker is a type of malware, specifically a ransomware, that has been causing significant issues across the digital landscape. Ransomware is a form of malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without |
| Royal Ransomware | Unspecified | 3 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Emotet | Unspecified | 3 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| Sardonic | Unspecified | 3 | Sardonic is a sophisticated piece of malware, or malicious software, first identified in 2021. It was designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. The malware could disrupt operations, steal person |
| Conti, Lockbit | Unspecified | 3 | None |
| QakBot | Unspecified | 3 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
| Ryuk | Unspecified | 3 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Cactus | is related to | 3 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Nokoyawa | Unspecified | 2 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Maze | Unspecified | 2 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Ghost | Unspecified | 2 | Ghost is a type of malware, or malicious software, that infiltrates systems to exploit and cause damage. It is often disseminated through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. In 2020, there were plans for |
| Egregor | Unspecified | 2 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab |
| Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |
| Phobos | Unspecified | 2 | Phobos is a type of malware, specifically a ransomware, that has been a significant cause for concern in the cyber security world. This malicious software infiltrates systems through dubious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting opera |
| Brute Ratel | Unspecified | 2 | Brute Ratel is a sophisticated malware variant that has been used in a series of cyber attacks targeting diplomatic staff and other sensitive targets. It's delivered through custom loaders embedded in lure documents, which are designed to trick the recipient into triggering the infection process. On |
| Ragnarlocker | Unspecified | 1 | RagnarLocker is a type of malware, specifically ransomware, which first emerged in 2021. It is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostag |
| Rook | Unspecified | 1 | Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom |
| 3am | Unspecified | 1 | 3AM is a new and sophisticated ransomware family that has recently emerged in the cyber threat landscape. The malware, known for its malicious intent to exploit and damage computer systems, operates by infiltrating the target infrastructure through suspicious downloads, emails, or websites. Once ins |
| Cherry | Unspecified | 1 | Cherry is a malicious software, or malware, that has recently impacted Cherry Health, a Michigan-based healthcare provider. The malware infiltrated the system through unknown means, disrupting operations and causing a significant ransomware attack. This incident underscores the security challenges f |
| Threeam | Unspecified | 1 | ThreeAM, a developing ransomware group first identified by GRIT in September 2023, has been steadily increasing its operational tempo. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's k |
| Mirai | Unspecified | 1 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g |
| Lockfile | Unspecified | 1 | LockFile is a type of malicious software, or malware, that has been linked to ransomware activity. This harmful program can infiltrate your system via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold your data for ransom. Analysis of the PlugX |
| Predator | Unspecified | 1 | Predator is a potent malware that, along with NSO Group's Pegasus, remains a leading provider of mercenary spyware. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a |
| Backmydata | Unspecified | 1 | Backmydata is a variant of the Phobos ransomware family, a malicious software (malware) designed to exploit and damage computer systems. It has been used in sophisticated cyber-attacks on healthcare entities, notably hospitals. The landscape of such attacks is evolving, with groups like RansomHouse, |
| Predator Spyware | Unspecified | 1 | Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe |
| Matanbuchus | Unspecified | 1 | Matanbuchus is a malicious software (malware) that has been actively used in various cyberattacks since July 16, 2022. Initially identified as part of a malspam campaign by Unit 42 in February 2023, it was believed to be a possible drop from the PikaBot malware. However, subsequent analysis revealed |
| Rorschach | Unspecified | 1 | Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe |
| Ursnif | Unspecified | 1 | Ursnif, also known as Gozi or ISFB, is a type of malware that poses significant threats to computer systems and user data. It's often distributed through suspicious downloads, emails, or websites, infiltrating systems without the user's knowledge. Once installed, Ursnif can steal personal informatio |
| HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| GuLoader | Unspecified | 1 | GuLoader is a type of malware that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. GuLoader is encrypted with NSIS Crypter and has |
| Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| Hardbit | Unspecified | 1 | HardBit is a malicious software (malware) that first emerged in the threat landscape in October 2022. This ransomware is particularly harmful as it can disable Microsoft Defender Antivirus and inhibit System Recovery, making it difficult for victims to restore their systems post-infection. The malwa |
| Zloader | Unspecified | 1 | ZLoader is a type of malware, malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capacity to steal personal information, disrupt operations, or even ho |
| Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| Gold Mystic | Unspecified | 1 | Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of |
| Pegasus | Unspecified | 1 | Pegasus is a highly sophisticated malware developed by the NSO Group, known for its advanced and invasive capabilities. It is classified as mercenary spyware, often used by governments to target individuals such as journalists, political activists, and others of interest. Pegasus is particularly not |
| Medusa Ransomware | Unspecified | 1 | Medusa ransomware is a malicious software designed to infiltrate systems, steal personal information, disrupt operations, and hold data hostage for ransom. It often enters systems through suspicious downloads, emails, or websites unbeknownst to the user. Once inside, it leaves a ransom note, demandi |
| Snatch | Unspecified | 1 | Snatch is a type of malware, specifically ransomware, designed to infiltrate systems undetected, often through suspicious downloads, emails, or websites. Once inside the system, it can wreak havoc by stealing personal information, disrupting operations, or holding data hostage for ransom. The Snatch |
| MegaCortex | Unspecified | 1 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria |
| Lockbit3 | Unspecified | 1 | LockBit3 is a prominent malware that has been significantly active in the cyber threat landscape. In the first half of 2023, it was reported as the most active among 48 ransomware groups, breaching over 2,200 victims. This represented a 20% increase in victims compared to the same period in 2022. Th |
| MedusaLocker | Unspecified | 1 | MedusaLocker, first observed in September 2019, is a potent ransomware variant that primarily targets Windows machines through spam. This malware should not be confused with Medusa, a Ransomware-as-a-Service (RaaS) platform active since late 2022. MedusaLocker has been utilized by various ransomware |
| IcedID | Unspecified | 1 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
| Carbanak | Unspecified | 1 | Carbanak is a sophisticated type of malware, short for malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Aresloader | Unspecified | 1 | AresLoader is a type of malware that was first advertised for sale on the top-tier Russian-language hacking forum XSS in December 2022 by a threat actor named "DarkBLUP". This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emai |
| Dark Side | Unspecified | 1 | Dark Side is a malicious software (malware) that poses significant threats to computer systems and devices. It infiltrates systems often through suspicious downloads, emails, or websites, with the potential to steal personal information, disrupt operations, or even hold data for ransom. This malware |
| Revil/sodinokibi | Unspecified | 1 | REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, |
| Mallox | Unspecified | 1 | Mallox, also known as Fargo and Tohnichi, is a sophisticated malware that first surfaced in June 2021. This ransomware infiltrates systems primarily via SQL servers and has been observed to be particularly active in Taiwan, India, Thailand, and South Korea. It employs various variants that append di |
| Ransomexx2 | Unspecified | 1 | RansomExx2 is a newly discovered variant of the RansomExx malware, designed to target Linux operating systems and exploit vulnerable ESXi servers. This strain has been identified through its distinctive MD5 hash 377C6292E0852AFEB4BD22CA78000685 and is recognized as a Linux executable written in the |
| Rorschach Ransomware | Unspecified | 1 | The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appea |
| Karakurt | Unspecified | 1 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Alphv Group | Unspecified | 8 | The ALPHV group, also known as BlackCat, is a threat actor that has been active in the cybersecurity landscape. In 2023, the group was significantly impacted by law enforcement actions. Notably, they claimed responsibility for a major hack against Clarion, a global manufacturer of audio and video eq |
| Ransomhub | Unspecified | 7 | RansomHub, a threat actor known for executing actions with malicious intent, has recently been linked to several high-profile cyber-attacks. The group is recognized for its ransomware attacks, which have resulted in significant data breaches at multiple companies. Christie, a prominent organization, |
| Scattered Spider | is related to | 7 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
| Zeon | is related to | 7 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
| Vice Society | Unspecified | 6 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| Alphv Ransomware Group | Unspecified | 6 | The ALPHV ransomware group, also known as BlackCat, is a threat actor that has been responsible for a series of high-profile cyberattacks on various sectors. The group, which is believed to be connected to Russian organized crime, first gained notoriety when it claimed responsibility for the MGM Res |
| UNC3944 | Unspecified | 4 | UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor that has been active since 2021. Initially targeting telecommunication firms and tech companies, the group has expanded its range to include hospitality, retail, media, and financial services sectors. The gr |
| FIN7 | Unspecified | 4 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Octo Tempest | Unspecified | 4 | Octo Tempest, also known as Scattered Spider, is a financially motivated threat actor known for launching extensive campaigns featuring adversary-in-the-middle (AiTM) techniques, social engineering, and SIM-swapping capabilities. This native English-speaking collective has evolved to become a signif |
| Medusa | Unspecified | 4 | Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023 |
| Hive Ransomware | Unspecified | 3 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |
| Bianlian | Unspecified | 3 | BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a |
| 8base | Unspecified | 2 | 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base o |
| Shadowsyndicate | Unspecified | 2 | ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO |
| LockBitSupp | Unspecified | 2 | LockBitSupp, also known as LockBit and putinkrab, is a notorious threat actor responsible for creating and operating one of the most prolific ransomware variants. The individual behind this persona, Dmitry Yuryevich Khoroshev, has been actively involved in ransomware attacks against organizations fo |
| Darkbit | Unspecified | 2 | DarkBit is a notable threat actor in the cybersecurity landscape, believed to be sponsored by the Iranian government. The group first gained significant attention following a ransomware and extortion attack on Technion, a leading research university in Israel, in February 2023. During this attack, a |
| Sodinokibi | Unspecified | 2 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
| Muddled Libra | Unspecified | 2 | Muddled Libra is a notable threat actor known for its sophisticated use of cloud services, particularly Amazon Web Services (AWS) and Microsoft Azure, to execute cyberattacks. The group leverages legitimate cloud service provider (CSP) features to efficiently exfiltrate data. In AWS, Muddled Libra t |
| Rhysida | Unspecified | 2 | Rhysida, a threat actor known for executing malicious cyber activities, has been responsible for numerous ransomware attacks. The group has primarily targeted businesses and healthcare organizations, with notable instances including a disruptive attack on Ann & Robert H. Lurie Children's Hospital of |
| Qilin | Unspecified | 2 | Qilin, a notable threat actor in the cybersecurity landscape, has been significantly active over the last two years, compromising more than 150 organizations across 25 countries and various industries. Originally evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust |
| Star Blizzard | Unspecified | 1 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr |
| Snake | Unspecified | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |
| Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| Blackbyte | Unspecified | 1 | BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| Defray | Unspecified | 1 | Defray is a malicious threat actor group, also known as Hive0091, that operates various ransomware strains such as Defray, Ryuk, and BitPaymer. They are also responsible for the RansomExx operation, PyXie malware, and Vatet loader. The cybersecurity industry identifies this group as a significant pl |
| Clop Gang | Unspecified | 1 | The Clop Gang, a threat actor with malicious intent, has been responsible for significant cybercrimes. This group, like others in the cybersecurity landscape, is known for its harmful actions against various targets. The Clop Gang's activities underscore the need for robust and effective cybersecuri |
| White Rabbit | Unspecified | 1 | White Rabbit is a notable threat actor in the cybersecurity landscape, known for its malicious activities and association with other prominent hacking groups. The group's name, derived from the character in Alice's Adventures in Quantum Wonderland, signifies its unique approach to cyber attacks. In |
| Syssphinx | Unspecified | 1 | Syssphinx, also known as FIN8, is a threat actor that has been active since 2016. This group is known for taking extended breaks between attack campaigns to refine its tactics, techniques, and procedures (TTPs). For instance, Syssphinx had used backdoor malware called Badhatch in attacks since 2019, |
| Clop Ransomware Group | Unspecified | 1 | The Clop ransomware group, a threat actor in the cybersecurity realm, has been recognized for its malicious activities involving the exploitation of software vulnerabilities. These entities, which can range from individuals to government entities, are responsible for executing actions with harmful i |
| RansomedVC | Unspecified | 1 | RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat |
| Tick | Unspecified | 1 | Tick is a threat actor, also known as BRONZE BUTLER, that likely originates from the People's Republic of China. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have been investigating activities associated with this group. Tick has deployed various tools and malware fami |
| The Com | Unspecified | 1 | "The Com" is a threat actor or cybercriminal community that has been involved in numerous high-profile cyberattacks, including recent attacks on Las Vegas resorts that severely impacted several prominent hotels and casinos. The community is largely composed of young hackers who are inducted into a l |
| Lapsus | Unspecified | 1 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
| Hunters International | Unspecified | 1 | Hunters International, a threat actor group in the cybersecurity realm, has recently gained notoriety for its malicious activities. The group is believed to have taken over Hive Ransomware, a notorious malware used for cyberattacks, after Hive's takedown in 2023. Despite disputes from Hunters Intern |
| Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Citrix Bleed | Targets | 4 | Citrix Bleed, identified as CVE-2023-4966, is a severe software vulnerability in Citrix Netscaler Gateway and Netscaler ADC products, with a high CVSS score of 9.4 indicating its critical nature. This flaw allows for sensitive information disclosure, bypassing password requirements and multifactor a |
| CVE-2023-4966 | Unspecified | 2 | CVE-2023-4966, also known as "Citrix Bleed," is a critical zero-day vulnerability affecting Citrix Netscaler Gateway and Netscaler ADC products. This sensitive information disclosure vulnerability enables threat actors to bypass multifactor authentication using stolen session tokens, making it parti |
| CVE-2023-0669 | Unspecified | 1 | CVE-2023-0669 is a software vulnerability that originated in Fortra's GoAnywhere Managed File Transfer (MFT) tool, which is a secure file transfer solution. This flaw, a remote code execution (RCE) vulnerability, allows unauthorized users to execute arbitrary commands on the affected system. The Clo |
| Zeon/ryuk | Unspecified | 1 | None |
| CVE-2024-1709 | Unspecified | 1 | CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response |
| Blackmatter/darkside | Unspecified | 1 | None |
| CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b |
| CVE-2022-22965 | Unspecified | 1 | None |
| Blackcat Sphynx | Unspecified | 1 | None |
| Blackcat’s Sphynx | Unspecified | 1 | None |
| Assault | Unspecified | 1 | The term "assault" in this context refers to a variety of aggressive actions, ranging from cyber attacks to physical violence. One significant event occurred on October 7, 2023, when Hamas launched a coordinated cross-border assault on Israel, marking the official start of the Israel-Hamas War. This |
| CVE-2016-0099 | Unspecified | 1 | None |
| CVE-2021-31207 | Unspecified | 1 | CVE-2021-31207 is a significant software vulnerability that affects Atlassian Confluence and Microsoft Exchange. It was discovered that Advanced Persistent Threat group APT40 rapidly exploits this flaw, along with other public vulnerabilities in widely used software like Log4J (CVE-2021-44228) and M |
| CVE-2021-34523 | Unspecified | 1 | None |
| CVE-2021-34473 | Unspecified | 1 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to |
| Proxyshell | Unspecified | 1 | ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau |
| Ktapus | Unspecified | 1 | None |
| Unc3944 Scattered Spider | Unspecified | 1 | None |
| CVE-2023-3519 | Unspecified | 1 | CVE-2023-3519 is a critical remote code execution vulnerability that was discovered in Citrix's NetScaler ADC and NetScaler Gateway products. The flaw, which carried a severity rating of 9.8 out of 10 on the CVSS vulnerability scale, allows an attacker to take control of an affected system. Citrix r |
| CVE-2019-7481 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | FIN7 group advertises new EDR bypass tool on hacking forums |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 9 days ago | FIN7 group advertises new EDR bypass tool on hacking forums |
| BankInfoSecurity | 10 days ago | Change Healthcare's Breach Costs Could Reach $2.5 Billion |
| DARKReading | 10 days ago | Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes |
| Securityaffairs | 10 days ago | Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal |
| DARKReading | 10 days ago | Microsoft: Scattered Spider Widens Web With RansomHub & Qilin |
| BankInfoSecurity | 10 days ago | Rite Aid Says Ransomware Group Stole 2.2M Customers' Data |
| InfoSecurity-magazine | 12 days ago | Pharmacy Giant Rite Aid Hit By Ransomware |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| BankInfoSecurity | 15 days ago | Major Health Data Breaches: How Are Trends Shifting in 2024? |
| InfoSecurity-magazine | 16 days ago | Ransomware Surges Annually Despite Law Enforcement Takedowns |
| Recorded Future | 18 days ago | RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates | Recorded Future |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 23 days ago | Operation Morpheus took down 593 Cobalt Strike servers used by threat actors |
| InfoSecurity-magazine | 24 days ago | Cyber Extortion Soars: SMBs Hit Four Times Harder |
| BankInfoSecurity | 24 days ago | Millions Affected by Prudential Ransomware Hack in February |
| Securityaffairs | 25 days ago | Prudential Financial data breach impacted over 2.5M individuals |
| BankInfoSecurity | 25 days ago | Groups Ask HHS for Guidance on Massive Change Breach Reports |