DragonForce Threat Actor Profile

DragonForce is a cyber threat group that has rapidly evolved from hacktivist beginnings into a prolific ransomware operation. Active since mid-2023, it initially engaged in ideologically driven attacks but later shifted focus to financially motivated extortion.
APT41

A detailed threat profile of APT41, a China-based state-sponsored group known for blending cyber espionage with financially motivated attacks, targeting healthcare, telecoms, finance, and critical infrastructure globally.
APT28 (Fancy Bear)

A threat profile of APT28 (Fancy Bear), a Russian military intelligence-backed threat actor known for cyber espionage, disinformation, and targeted attacks on NATO, the UK, and global political infrastructure.
APT29 (Cozy Bear)

A threat profile of APT29 (Cozy Bear), a Russian state-sponsored cyber espionage group targeting Western governments, defence, and critical infrastructure with persistent, stealthy campaigns.
Trigona

Trigona is a double extortion ransomware group that emerged publicly in late 2022 and quickly gained attention for its aggressive enterprise targeting, database-specific encryption techniques, and rapid tooling evolution. Trigona combines file encryption with data exfiltration, threatening public release of stolen information via its dark web leak site. Though less widely known than […]
Royal Ransomware Group

A threat profile of Royal, a sophisticated ransomware group targeting critical infrastructure and enterprises with double extortion tactics, custom tooling, and high-pressure ransom negotiations.
NoEscape

A threat profile of NoEscape, a ransomware group known for enterprise targeting, cross-platform payloads, and aggressive extortion tactics involving encryption and data theft.
DarkVault

A threat profile of DarkVault, a stealthy ransomware group using double extortion, custom tooling, and targeted campaigns against data-rich organisations in Europe and the UK.
8Base Ransomware Group – Threat Actor Profile

A threat profile of 8Base, a rapidly expanding ransomware group known for double extortion tactics, opportunistic targeting, and the re-use of leaked ransomware infrastructure.
RansomHouse

A threat profile of RansomHouse, a data-focused extortion group known for avoiding encryption and instead exfiltrating and leaking sensitive data to pressure victims into ransom payments.