Emerging Ransomware Threats and Securing Open-Source Email Infrastructure

An insights article highlighting the rise of unconventional ransomware groups targeting open-source email platforms like Zimbra, including a technical bulletin with actionable guidance for UK organisations.
The Quiet Breach: Understanding and Responding to Low-Volume Data Leak Actors

An insights article exploring the rise of low-volume data leak actors and offering a practical detection and response guide for non-encryption-based extortion threats targeting UK organisations.
Detection Advisory: ProjectRelic and Low-Noise Threat Actors in the UK and EU

A detection-focused advisory for research institutions and local governments concerned with low-noise threat actors such as ProjectRelic, including a technical bulletin on persistence, credential theft, and passive data exfiltration in academic and civic networks.
Stealth-State Actors: Silent Persistence, Slow Exfiltration, and Cloud-Based C2

An insights post exploring the stealthy methods of state-aligned threat actors, including Silent Ransom (Silk Typhoon), and how defenders can detect slow exfiltration and cloud-based command and control in enterprise environments.
DragonForce Threat Actor Profile

DragonForce is a cyber threat group that has rapidly evolved from hacktivist beginnings into a prolific ransomware operation. Active since mid-2023, it initially engaged in ideologically driven attacks but later shifted focus to financially motivated extortion.
APT41

A detailed threat profile of APT41, a China-based state-sponsored group known for blending cyber espionage with financially motivated attacks, targeting healthcare, telecoms, finance, and critical infrastructure globally.
APT28 (Fancy Bear)

A threat profile of APT28 (Fancy Bear), a Russian military intelligence-backed threat actor known for cyber espionage, disinformation, and targeted attacks on NATO, the UK, and global political infrastructure.
APT29 (Cozy Bear)

A threat profile of APT29 (Cozy Bear), a Russian state-sponsored cyber espionage group targeting Western governments, defence, and critical infrastructure with persistent, stealthy campaigns.
Trigona

Trigona is a double extortion ransomware group that emerged publicly in late 2022 and quickly gained attention for its aggressive enterprise targeting, database-specific encryption techniques, and rapid tooling evolution. Trigona combines file encryption with data exfiltration, threatening public release of stolen information via its dark web leak site. Though less widely known than […]
Royal Ransomware Group

A threat profile of Royal, a sophisticated ransomware group targeting critical infrastructure and enterprises with double extortion tactics, custom tooling, and high-pressure ransom negotiations.