Our Blog

AI-Powered SOC – The Future of Cybersecurity

On May 20, 2025, Kettering Health’s network was hit by a ransomware attack, forcing 14 hospitals to switch to emergency reroutes and manual operations. The attack spread rapidly across critical systems due to undetected lateral movement, highlighting gaps in early threat detection. Patients reported suspicious calls, indicating potential data misuse. This incident underscores the urgent need for healthcare organizations to strengthen identity security, implement layered defenses, and prepare robust response plans.
An insights article assessing pro-Russian cyber activity with a situational briefing on hybrid threats to UK-aligned institutions. Includes a side-by-side comparison of key threat groups including KillNet, NoName057(16), and XakNet.
An insights article comparing donation-model ransomware operators such as MalasLocker, exploring the ethics, tactics, and implications of threat actors who demand charitable giving instead of cryptocurrency payments.
Western Alliance Bank confirmed a data breach in April 2025 linked to a vulnerability in Cleo Integration Cloud. The breach, attributed to the Cl0p ransomware group, underscores the growing risks from third-party software vulnerabilities. Learn how the bank is responding and the increasing role of the SOC in protecting financial institutions.
An insights article examining the 2025 DBS data breach, focusing on how a ransomware attack on vendor Toppan Next Tech exposed thousands of customer records, and what it reveals about the growing threat of third-party supply chain vulnerabilities in the financial sector.
An insights article highlighting the rise of unconventional ransomware groups targeting open-source email platforms like Zimbra, including a technical bulletin with actionable guidance for UK organisations.
An insights article exploring the rise of low-volume data leak actors and offering a practical detection and response guide for non-encryption-based extortion threats targeting UK organisations.
A detection-focused advisory for research institutions and local governments concerned with low-noise threat actors such as ProjectRelic, including a technical bulletin on persistence, credential theft, and passive data exfiltration in academic and civic networks.
On 8 May 2025 at approximately 05:49 BST, the Everest Ransomware Group purportedly claimed responsibility for a cyber intrusion against Kaefer, one of the world’s leading industrial insulation and access specialists.
An insights post exploring the stealthy methods of state-aligned threat actors, including Silent Ransom (Silk Typhoon), and how defenders can detect slow exfiltration and cloud-based command and control in enterprise environments.
In an era where cyber attacks are not a question of if but when, Continuous Threat Exposure Management (CTEM) has emerged as a crucial strategy for staying one step ahead. For IT directors and C-suite executives, CTEM offers a somewhat easier night’s sleep.
DragonForce is a cyber threat group that has rapidly evolved from hacktivist beginnings into a prolific ransomware operation. Active since mid-2023, it initially engaged in ideologically driven attacks but later shifted focus to financially motivated extortion.
UK Cyber Defence’s SOC365 is a cutting-edge Security Information and Event Management (SIEM) service platform that forms the backbone of the company’s SOC-as-a-service offering.
What is SOC? Understanding the Security Operations Centre for Modern UK Businesses
As our world becomes increasingly complex, the need to protect people, assets, and information has surged to the forefront of public consciousness.
As organisations strive to safeguard their sensitive data, the concept of a Security Operations Centre (SOC) as a Service is emerging as a crucial solution. This comprehensive guide will unravel the intricacies of SOC as a Service, empowering you to transform your cybersecurity strategy.
A detailed threat profile of APT41, a China-based state-sponsored group known for blending cyber espionage with financially motivated attacks, targeting healthcare, telecoms, finance, and critical infrastructure globally.
A threat profile of APT28 (Fancy Bear), a Russian military intelligence-backed threat actor known for cyber espionage, disinformation, and targeted attacks on NATO, the UK, and global political infrastructure.
A threat profile of APT29 (Cozy Bear), a Russian state-sponsored cyber espionage group targeting Western governments, defence, and critical infrastructure with persistent, stealthy campaigns.
A threat profile of Royal, a sophisticated ransomware group targeting critical infrastructure and enterprises with double extortion tactics, custom tooling, and high-pressure ransom negotiations.
A threat profile of NoEscape, a ransomware group known for enterprise targeting, cross-platform payloads, and aggressive extortion tactics involving encryption and data theft.
A threat profile of DarkVault, a stealthy ransomware group using double extortion, custom tooling, and targeted campaigns against data-rich organisations in Europe and the UK.
A threat profile of 8Base, a rapidly expanding ransomware group known for double extortion tactics, opportunistic targeting, and the re-use of leaked ransomware infrastructure.
A threat profile of RansomHouse, a data-focused extortion group known for avoiding encryption and instead exfiltrating and leaking sensitive data to pressure victims into ransom payments.
A threat profile of BlackCat (ALPHV), a technically advanced ransomware group known for multi-extortion tactics, cross-platform payloads, and attacks on critical infrastructure across the UK and beyond.
A comprehensive threat profile of Cl0p, a data-extortion ransomware group known for exploiting zero-day vulnerabilities and orchestrating large-scale attacks on enterprise file transfer systems.
A threat profile of KillSec, a politically motivated hacktivist group known for DDoS attacks, website defacement, and data leaks targeting Western governments and critical services.
A detailed threat profile of Rhysida, a politically ambiguous ransomware group known for public sector targeting, double extortion, and its highly visible dark web leak site.
A threat profile of Incransom, an emerging ransomware group known for targeting small-to-mid-sized enterprises with fast-impact encryption and opportunistic extortion campaigns.
A detailed threat profile of MetaEncryptor, a ransomware group using advanced evasion techniques, double extortion, and targeted enterprise-level campaigns.
A threat profile of Crypto24, an emerging ransomware group using targeted double extortion attacks, low-volume campaigns, and deceptive payment infrastructure.
A threat profile of Hellcat, a rapidly emerging ransomware group using double extortion and targeting enterprise infrastructure with tailored payloads and opportunistic campaigns.
An in-depth threat profile of the Medusa ransomware group, known for destructive attacks, public leak extortion, and its fast-growing list of international victims.
A threat profile of Sarcoma, an emerging ransomware group using double extortion and opportunistic targeting, linked to legacy industrial malware infrastructure.
A threat actor profile of Qilin, a stealthy ransomware group active since 2023, known for targeted attacks, double extortion, and links to experienced cybercriminal operators.
A threat profile of Play, a fast-rising ransomware group known for aggressive targeting, double extortion tactics, and cross-platform ransomware with ESXi support.
A detailed threat profile of Akira, a ransomware group active since 2023 that targets organisations with double extortion attacks and cross-platform capabilities.
An in-depth profile of Hunters International, a data extortion ransomware group believed to have evolved from Hive, targeting healthcare, legal, and public sector organisations.
A detailed analysis of LockBit 3.0, a highly active ransomware group known for double extortion, sophisticated tooling, and global attacks.
A threat profile of APT10, a Chinese state-sponsored cyber espionage group known for global targeting of managed service providers, defence contractors, and research institutions through advanced supply chain compromise and credential theft.
A threat profile of Mustang Panda, a China-based cyber espionage group known for targeting government entities, NGOs, and think tanks across Europe and Asia using custom malware and socially engineered lures.
A threat profile of Silent Ransom (Silk Typhoon), a Chinese threat group using stealthy techniques to conduct intrusions, espionage, and extortion without deploying traditional ransomware payloads.
A threat profile of Scattered Spider (Octo Tempest), a financially motivated threat actor known for advanced social engineering, SIM swapping, and ransomware deployment against major enterprises.
A threat profile of ProjectRelic, a low-visibility cyber threat group associated with opportunistic attacks on European infrastructure and research networks, operating with uncertain motives and unclear attribution.
A threat profile of Dunghill Leak, a data extortion group known for targeting critical infrastructure and educational institutions, operating with unclear motives and inconsistent messaging.
A threat profile of MalasLocker, a ransomware and data extortion group known for exploiting Zimbra vulnerabilities, targeting email servers, and demanding charitable donations instead of ransom payments.
A threat profile of XakNet Team, a pro-Russian hacktivist group engaged in disinformation and cyber attacks against Ukrainian and NATO-aligned entities, with strong propaganda links and a focus on psychological impact.
A threat profile of SiegedSec, a politically motivated hacktivist group known for disruptive cyber attacks, data leaks, and ideological campaigns targeting government, healthcare, and corporate entities.
A threat profile of KelvinSec, a financially motivated threat group known for data leaks, opportunistic breaches, and underground marketplace activity targeting organisations across Europe and the Middle East.
A threat profile of UserSec Collective, a pro-Russian hacktivist group known for DDoS attacks, Telegram-based propaganda, and politically motivated disruptions targeting NATO-aligned countries and public services.
A threat profile of NoName057(16), a pro-Russian hacktivist group known for politically motivated DDoS campaigns targeting European governments, media, and infrastructure during the Ukraine conflict.
A threat profile of Anonymous, the decentralised hacktivist collective known for ideologically driven cyber operations, including DDoS attacks, data leaks, and defacement campaigns against governments and corporations.
A threat profile of Ghostwriter (UNC1151), a Belarus-aligned cyber influence operation and espionage actor targeting NATO states through credential theft, disinformation, and psychological operations.
A threat profile of Gallium, a China-based cyber espionage group known for targeting telecommunications, government, and critical infrastructure across Asia, Europe, and the Middle East.
A threat profile of Sandworm, a destructive Russian GRU-linked cyber group responsible for attacks on Ukraine’s power grid, the NotPetya worm, and persistent campaigns targeting critical infrastructure across Europe.
A threat profile of TA406 (Phosphorus), an Iranian state-aligned threat group specialising in spear-phishing, credential harvesting, and long-term espionage against government, defence, and academic institutions.
A threat profile of Charming Kitten (APT35), an Iranian state-aligned cyber espionage group known for credential harvesting, social engineering, and targeting academics, NGOs, and policymakers worldwide.
Building a SOC in 2025 - We break down the costs associated with building and running a SOC for 1 year. Welcome to the 2025 breakdown.
Discover Rayhunter, EFF's innovative tool enabling simple, affordable detection of IMSI catchers and malicious cell sites throughout the EU. Protect your privacy.
An analysis of Everest, a data-extortion ransomware group operating on a double extortion model, targeting professional services, healthcare, and finance.
The UK ICO has launched investigations into TikTok, Reddit, and Imgur over child data privacy concerns, focusing on the protection of teenage users' personal information.
Discover why continuous ransomware validation is essential for proactive defence. Learn how it helps detect threats early and strengthens your incident response capabilities.
