Category: Threat Groups

In the ever-evolving landscape of cyber security, the identification and tracking of threat groups is a critical component in understanding the nature, intent, and capability of adversaries targeting organisations worldwide. These groups, often categorised by nation-state affiliation, financial motivation, or ideological alignment, operate with varying degrees of sophistication and persistence. Their activities can range from opportunistic attacks to highly targeted, prolonged campaigns designed to exfiltrate sensitive data, disrupt operations, or gain strategic advantage.

This section serves as a comprehensive reference to known threat groups, including advanced persistent threats (APTs), cybercriminal syndicates, hacktivist collectives, and emerging entities. Each profile includes a summary of the group’s known tactics, techniques, and procedures (TTPs), attribution assessments, notable incidents, and links to further intelligence.

Understanding these adversaries is essential not only for strategic threat modelling and risk assessment but also for refining defensive postures, enhancing detection capabilities, and informing incident response. As we continue to detect, defend, and disrupt malicious operations, intelligence on threat groups remains at the core of proactive cyber defence.

BlackCat (ALPHV)

A threat profile of BlackCat (ALPHV), a technically advanced ransomware group known for multi-extortion tactics, cross-platform payloads, and attacks on critical infrastructure across the UK and beyond.

Cl0p

A comprehensive threat profile of Cl0p, a data-extortion ransomware group known for exploiting zero-day vulnerabilities and orchestrating large-scale attacks on enterprise file transfer systems.

KillSec

A threat profile of KillSec, a politically motivated hacktivist group known for DDoS attacks, website defacement, and data leaks targeting Western governments and critical services.

Rhysida Ransomware Group

A detailed threat profile of Rhysida, a politically ambiguous ransomware group known for public sector targeting, double extortion, and its highly visible dark web leak site.

Incransom Ransomware Group

A threat profile of Incransom, an emerging ransomware group known for targeting small-to-mid-sized enterprises with fast-impact encryption and opportunistic extortion campaigns.

MetaEncryptor Ransomware Group

A detailed threat profile of MetaEncryptor, a ransomware group using advanced evasion techniques, double extortion, and targeted enterprise-level campaigns.

Crypto24 Ransomware Group

A threat profile of Crypto24, an emerging ransomware group using targeted double extortion attacks, low-volume campaigns, and deceptive payment infrastructure.

Hellcat Ransomware Group

A threat profile of Hellcat, a rapidly emerging ransomware group using double extortion and targeting enterprise infrastructure with tailored payloads and opportunistic campaigns.

Medusa Ransomware Group

An in-depth threat profile of the Medusa ransomware group, known for destructive attacks, public leak extortion, and its fast-growing list of international victims.

Sarcoma Ransomware Group

A threat profile of Sarcoma, an emerging ransomware group using double extortion and opportunistic targeting, linked to legacy industrial malware infrastructure.

Linkedin-in
© 2025 CyberDefence