Cyclops

Malware updated 17 hours ago (2024-10-17T12:01:28.566Z)

Download STIX

Preview STIX

Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RansomHub is a ransomware-as-a-service variant, an efficient and successful service model that has recently attracted high-profile affiliates from other prominent variants such as LockBit and ALPHV. The RansomHub operation, formerly known as Cyclops and Knight, is believed to be a reboot of the Knight group based on the similarity of their malware. The group has seen an influx of affiliate hackers seeking new opportunities following law enforcement disruptions to LockBit and the apparent exit of BlackCat/Alphv from the criminal underground. These developments have allowed RansomHub to establish itself as a significant player in the cybercrime landscape. In a related development, Cyclops Security, a separate entity from the malware, emerged from stealth mode with a search platform powered by generative AI that security teams can use to understand what is happening in their organizations' environments. The company raised $6.4 million in seed funding from investors including Insight Partners, Merlin Ventures, Tal Ventures, toDay Ventures, CrowdStrike Falcon Fund, and several angel investors. This investment underscores the growing need for advanced cybersecurity solutions in the face of evolving threats such as the Cyclops/Knight/RansomHub malware.

Description last updated: 2024-10-17T11:57:15.199Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Ransomhub is a possible alias for Cyclops. RansomHub is a threat actor that emerged as a new group in the cybersecurity landscape in February 2024, following the initial takedown of LockBit. Many former LockBit affiliates seemed to have either started working independently using freely available ransomware source code such as Phobos or align	3
Lockbit is a possible alias for Cyclops. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Alphv Threat Actor is associated with Cyclops. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la	Unspecified	2

Source Document References

Information about the Cyclops Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	4 months ago	Experts found a bug in the Linux version of RansomHub ransomware
Securityaffairs	a month ago	RansomHub ransomware gang relies on TDSKiller to disable EDR
BankInfoSecurity	a month ago	Halliburton Says Hackers Stole Data
BankInfoSecurity	2 months ago	RansomHub Hits Powered by Ex-Affiliates of LockBit, BlackCat
CISA	2 months ago	CISA and Partners Release Advisory on RansomHub Ransomware \| CISA
CISA	2 months ago	#StopRansomware: RansomHub Ransomware \| CISA
BankInfoSecurity	2 months ago	The Upside-Down, Topsy-Turvy World of Ransomware
Securityaffairs	2 months ago	A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter
DARKReading	a year ago	Cyclops Launches From Stealth With Generative AI-Based Search Tool
CERT-EU	a year ago	Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI \| IT Security News
CERT-EU	a year ago	Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI
CERT-EU	a year ago	Cyclops Unveils Cybersecurity Search Engine Based on Generative AI
Securityaffairs	a year ago	Cyclops Ransomware group offers a multiplatform Info Stealer