Hive

Malware updated 3 days ago (2024-09-04T12:17:50.137Z)
Hive is malware that has been used by the cybercriminal group Hunters International to launch ransomware attacks since October of the previous year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated actors who carry out much of its operations. The malware modifies registry keys, disabling User Account Control (UAC) and hiding system controls such as the Shutdown, Restart, and Sign Out buttons. It then encrypts the user's data and holds it hostage for ransom. Hunters International has quickly become the 10th most active ransomware group of 2024, thanks to its possession of Hive. The cybercriminal group Volt Typhoon has also used Hive to exfiltrate NTDS.dit and the SYSTEM registry hive, cracking passwords offline.

Hive ransomware disguises itself as legitimate software, often using a valid certificate signed by entities such as J-Golden Strive Trading Co. Ltd. Upon execution, a Trojan named SharpRhino establishes persistence and provides attackers with remote access to the device, leading to typical ransomware attacks using Hive. Researchers from Quorum Cyber revealed these tactics in their analysis of the malware.

The reign of Hive was disrupted, however, by law enforcement agencies including the FBI, Europol, German and Dutch authorities, and the United States Secret Service, which seized control of Hive's servers and websites, effectively crippling its ability to launch further attacks and extort victims. This move was seen as a significant blow to Hive and similar groups, potentially driving them towards retirement. The Department of State has also announced a reward of $5 million for information leading to the arrest or conviction of individuals involved in Hive-related activities.
Description last updated: 2024-09-04T12:16:11.456Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so listed here are possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Hive Ransomware | 10 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Hunters International | 5 | Hunters International, a threat actor group allegedly linked to Russia, has emerged as a significant cybersecurity concern. The group, which has been active since October of the previous year, is known for executing malicious actions with intent to cause harm and gain financially. They have recently
AvosLocker | 4 | AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info
Akira | 3 | Akira is a malicious software or malware that has been causing significant damage to various organizations and systems worldwide. The ransomware, known for its persistent and harmful attacks, has successfully infiltrated numerous systems, often without the knowledge of the users, disrupting operatio
Volt Typhoon | 2 | Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo
Royal Ransomware | 2 | The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious
Zeon | 2 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Windows
RaaS
Linux
Encryption
Extortion
FBI
Cybercrime
Vulnerability
ESXi
Infiltration
Bitcoin
Loader
Payload
Rust
Locker
APT
Phishing
Spyware
Botnet
T1537 (Transfer Data to Cloud Account)
T1190 (Exploit Public-Facing Application)
T1112 (Modify Registry)
T1133 (External Remote Services)
T1566.001 (Phishing: Spearphishing Attachment)
Antivirus
FortiOS
Exploitation
Government
RAT
Azure
VPN
Exploit
Encrypt
Exploits
Malware Loader
Associated Malware
ID | Type | Votes | Profile Description
Conti | Unspecified | 7 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was
REvil | Unspecified | 5 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s
Babuk | Unspecified | 5 | Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc
Black Basta | is related to | 4 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of
Hive Ransomware Gang | Unspecified | 4 | The Hive ransomware gang, a malicious group known for exploiting and damaging computer systems through harmful software, was significantly disrupted by the Federal Bureau of Investigation (FBI) in a series of operations. Six months ago, according to the US Department of Justice (DOJ), the FBI infilt
LockerGoga | Unspecified | 4 | LockerGoga is a type of malware, specifically ransomware, known for its disruptive capabilities. It was notably deployed at Norsk Hydro in March 2019, causing significant operational disruption. LockerGoga differentiates itself from other types of ransomware such as EKANS due to its destructive natu
MegaCortex | Unspecified | 4 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria
Ragnar Locker | Unspecified | 3 | Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans
Clop | Unspecified | 3 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole
HELLOKITTY | Unspecified | 3 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
TrickBot | Unspecified | 3 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea
Karakurt | Unspecified | 3 | Karakurt is a malicious software (malware) utilized by cybercriminals for data theft and extortion. It was revealed as the data extortion arm of the Conti cybercrime syndicate, with links to ITG23 affiliates. Karakurt has been associated with numerous attacks, including those carried out by Quantum,
QakBot | Unspecified | 3 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw
Blackbasta | Unspecified | 3 | BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information,
Emotet | Unspecified | 2 | Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im
Ryuk | Unspecified | 2 | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves
Avaddon | Unspecified | 2 | Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like
Nokoyawa | is related to | 2 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany
Bumblebee | Unspecified | 2 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam
Hunters | Unspecified | 2 | Malware hunters, also known as bug hunters, are cybersecurity professionals who identify and address vulnerabilities in computer systems. In 2023, these experts earned $1,038,250 for identifying 58 unique zero-day vulnerabilities at Pwn2Own Toronto, a high-profile hacking event. This success undersc
Associated Threat Actors
ID | Type | Votes | Profile Description
Blackmatter | Unspecified | 4 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention
Vice Society | Unspecified | 3 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu
DarkSide | Unspecified | 3 | DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom
Uhodiransomwar | Unspecified | 2 | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa
Snake | Unspecified | 2 | Snake, also known as EKANS, is a threat actor first identified by Dragos on January 6, 2020. This malicious entity is notorious for its deployment of ransomware and keyloggers, primarily targeting business networks. The Snake ransomware variant has been linked to Iran and exhibits an industrial focu
Qilin | Unspecified | 2 | The Qilin ransomware group, a malicious threat actor in the cybersecurity landscape, has been active since at least 2022 and gained significant attention in June 2024 for attacking Synnovis, a UK governmental service provider for healthcare. The group was later associated with Octo Tempest, which ad
Bl00dy | Unspecified | 2 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
Mikhail Pavlovich Matveev | Unspecified | 2 | Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the global cybersecurity landscape. He is one of five Russians charged over Lockbit, considered to be the world's most dangero
Wazawaka | Unspecified | 2 | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper
Boriselcin | Unspecified | 2 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-34523 | Unspecified | 2 | (no description)
CVE-2021-34473 | Unspecified | 2 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to
CVE-2021-42321 | Unspecified | 2 | (no description)
CVE-2021-31207 | Unspecified | 2 | CVE-2021-31207 is a significant software vulnerability that has been exploited by APT40, a group known for rapidly taking advantage of newly public vulnerabilities in widely used software. This particular vulnerability affects Atlassian Confluence and Microsoft Exchange, among other platforms, and a
CVE-2020-12812 | Unspecified | 2 | (no description)
Source Document References
Information about the Hive malware was read from the documents in the corpus below (this display is limited to 20 results).
Source | Created At | Title
Securelist | 3 days ago | Evolution of Mallox: from private ransomware to RaaS
DARKReading | a month ago | Hunters International Masks SharpRhino RAT as Legit Network Admin Tool
DARKReading | 9 months ago | Feds Snarl ALPHV/BlackCat Ransomware Operation
DARKReading | 7 months ago | US Govt. Offers Millions in Bounties to Find Hive Ransomware Actors
DARKReading | 5 months ago | Global Cybercriminal Duo Face Imprisonment After Hive RAT Scheme
CISA | a month ago | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs | CISA
Unit42 | 2 months ago | From RA Group to RA World: Evolution of a Ransomware Group
Securityaffairs | 2 months ago | Russian nationals plead guilty to participating in the LockBit ransomware group
BankInfoSecurity | 3 months ago | Breach Roundup: Phishing Platform ONNX Targets Microsoft 365
InfoSecurity-magazine | 3 months ago | LockBit Most Prominent Ransomware Actor in May 2024
DARKReading | 3 months ago | DataBee Launches Innovations for Enhanced Threat Monitoring and Zero Trust Implementation
DARKReading | 4 months ago | Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
Securelist | 4 months ago | Kaspersky Anti-Ransomware Day report 2024
InfoSecurity-magazine | 4 months ago | LockBit, Black Basta, Play Dominate Ransomware in Q1 2024
BankInfoSecurity | 4 months ago | Live Webinar | From Risk-Based Vulnerability Management to Exposure Management: The Future of Cybersecurity
Securityaffairs | 5 months ago | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | 5 months ago | Ransomware Victims Who Pay a Ransom Drops to Record Low
Securityaffairs | 5 months ago | US and Australian police arrested Firebird RAT author and operator
DARKReading | 5 months ago | Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware