Cyclops

Malware updated a month ago (2024-10-17T12:01:28.566Z)

Download STIX

Preview STIX

Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RansomHub is a ransomware-as-a-service variant, an efficient and successful service model that has recently attracted high-profile affiliates from other prominent variants such as LockBit and ALPHV. The RansomHub operation, formerly known as Cyclops and Knight, is believed to be a reboot of the Knight group based on the similarity of their malware. The group has seen an influx of affiliate hackers seeking new opportunities following law enforcement disruptions to LockBit and the apparent exit of BlackCat/Alphv from the criminal underground. These developments have allowed RansomHub to establish itself as a significant player in the cybercrime landscape. In a related development, Cyclops Security, a separate entity from the malware, emerged from stealth mode with a search platform powered by generative AI that security teams can use to understand what is happening in their organizations' environments. The company raised $6.4 million in seed funding from investors including Insight Partners, Merlin Ventures, Tal Ventures, toDay Ventures, CrowdStrike Falcon Fund, and several angel investors. This investment underscores the growing need for advanced cybersecurity solutions in the face of evolving threats such as the Cyclops/Knight/RansomHub malware.

Description last updated: 2024-10-17T11:57:15.199Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Ransomhub is a possible alias for Cyclops. RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai	3
Lockbit is a possible alias for Cyclops. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Alphv Threat Actor is associated with Cyclops. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB	Unspecified	2

Source Document References

Information about the Cyclops Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	5 months ago	Experts found a bug in the Linux version of RansomHub ransomware
Securityaffairs	2 months ago	RansomHub ransomware gang relies on TDSKiller to disable EDR
BankInfoSecurity	3 months ago	Halliburton Says Hackers Stole Data
BankInfoSecurity	3 months ago	RansomHub Hits Powered by Ex-Affiliates of LockBit, BlackCat
CISA	3 months ago	CISA and Partners Release Advisory on RansomHub Ransomware \| CISA
CISA	3 months ago	#StopRansomware: RansomHub Ransomware \| CISA
BankInfoSecurity	3 months ago	The Upside-Down, Topsy-Turvy World of Ransomware
Securityaffairs	3 months ago	A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter
DARKReading	a year ago	Cyclops Launches From Stealth With Generative AI-Based Search Tool
CERT-EU	a year ago	Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI \| IT Security News
CERT-EU	a year ago	Cyclops Emerges From Stealth With Security Search Platform Powered by Generative AI
CERT-EU	a year ago	Cyclops Unveils Cybersecurity Search Engine Based on Generative AI
Securityaffairs	a year ago	Cyclops Ransomware group offers a multiplatform Info Stealer