
Threat Actor Profile: BianLian, The Shape-Shifting Ransomware Group
Nowadays, there is a rise in the number of ransomware groups with names that mean something. For example, Yanluowang is a deity in C...

Dark Web Profile: MalasLocker Ransomware
A new player has emerged on the stage of cybercrime by posting multiple victim announcements at the end of April. Dubbed “MalasLocker,” this ransomware oper...

APT Profile: FIN7
In the world of cybercrime, a name resounds with an unsettling echo – FIN7. This notorious cyber gang has left its mark on the globe, causing digital chaos wherever they go. By infil...

APT Profile: Turla
In the digital age, war has transitioned into the virtual world, where many types of cybercriminals, such as hacktivists and nation-state actors, are called Advanced Persistent Thre...

Dark Web Profile: Play Ransomware
[Update] July 22, 2024: “Play Ransomware Broadens Its Scope with New Linux Variant Targeting ESXi” [Update] December 19, 2023: “Collaborative Advisory on Play Ransomw...

Dark Web Profile: KillNet Anonymous Sudan
[Update] October 17, 2024: “Indictment of Two Sudanese Nationals Behind Anonymous Sudan” [Update] July 5, 2023: In a recent cyber attack, Anonymous Sudan clai...

Dark Web Profile: BlackByte Ransomware
Ransomware has been one of the most glaring threats against organizations in recent years. Since 2021 SOCRadar has detected around 5,600 ransomware attacks. Ther...

Dark Web Profile: LockBit 3.0 Ransomware
[Update] August 31, 2023: See the subheading: “LockBit’s Operational Struggles, Empty Threats, and Sudden Surge.” [Update] July 03, 2023: LockBit claimed to h...

APT Profile: APT-C-35 / DoNot Team
[Update] June 20, 2023: A new espionage campaign attributed to APT-C-35 (DoNot Team) targets users in Pakistan with trojanized apps on Google Play, added the subhead...

APT Profile: Sandworm
Threat actors range from teenagers eager to earn quick cash to state-sponsored actors with agendas behind their operations. The agendas of these state-sponsored groups may includ...

APT Profile: Cozy Bear / APT29
[Update] October 11, 2024: “Joint Advisory Warns of Mass Exploitation of Zimbra and TeamCity Servers by APT29” [Update] February 27, 2024: See the subheading: “Joint Adv...

Dark Web Profile: NoName057(16)
By SOCRadar Research [Update] July 11, 2023: NoName recently launched a cyber attack on Poland, targeting critical infrastructures such as the National Bank of Poland a...

Dark Web Profile: Hive Ransomware Group
By SOCRadar Research [Update] November 14, 2023: See the subheading: “New Era of Hive Ransomware Under Hunters International.” On November 8, 2021 electronics r...

Dark Web Profile: Royal Ransomware
By SOCRadar Research [Update] November 14, 2023: See the subheading: “CSA Update from CISA and FBI: Royal Ransomware’s Possible Rebranding to ‘Blacksuit’” Ransomwar...

Dark Web Profile: Killnet - Russian Hacktivist Group
By SOCRadar Research The ongoing conflict between Ukraine and Russia has attracted the attention of various cybercriminal groups and pushed them to...

Dark Web Profile: Black Basta Ransomware
By SOCRadar Research [Update] May 13, 2024: Read the subheading “CISA’s Advisory for Black Basta” [Update] January 3, 2024: Read the subheading “Turning the T...

Dark Web Profile: APT42 - Iranian Cyber Espionage Group
By SOCRadar Research After the Stuxnet attack on Iran’s nuclear program in 2010, Iran started to invest in and improve its cy...

Dark Web Profile: Overthinker1877
Overthinker1877 or 1877 Team have recently drawn attention for their random attacks worldwide. Although the first remarkable attack was ransomware against a Romanian ...

Dark Web Profile: Moses Staff
Over the past months, the SOCRadar Analyst Team has been tracking the Iranian hacker group known as Moses Staff. The group was first spotted in October 2021 and claimed i...

Dark Web Profile: BlackCat (ALPHV)
[Update] December 19, 2023: As we speculated recently, law enforcement agencies have successfully taken control of the official site of the ALPHV. Read more under ...