Category: Threat Groups

In the ever-evolving landscape of cyber security, the identification and tracking of threat groups is a critical component in understanding the nature, intent, and capability of adversaries targeting organisations worldwide. These groups, often categorised by nation-state affiliation, financial motivation, or ideological alignment, operate with varying degrees of sophistication and persistence. Their activities can range from opportunistic attacks to highly targeted, prolonged campaigns designed to exfiltrate sensitive data, disrupt operations, or gain strategic advantage.

This section serves as a comprehensive reference to known threat groups, including advanced persistent threats (APTs), cybercriminal syndicates, hacktivist collectives, and emerging entities. Each profile includes a summary of the group’s known tactics, techniques, and procedures (TTPs), attribution assessments, notable incidents, and links to further intelligence.

Understanding these adversaries is essential not only for strategic threat modelling and risk assessment but also for refining defensive postures, enhancing detection capabilities, and informing incident response. As we continue to detect, defend, and disrupt malicious operations, intelligence on threat groups remains at the core of proactive cyber defence.

Play Ransomware Group

A threat profile of Play, a fast-rising ransomware group known for aggressive targeting, double extortion tactics, and cross-platform ransomware with ESXi support.

Akira Ransomware Group

A detailed threat profile of Akira, a ransomware group active since 2023 that targets organisations with double extortion attacks and cross-platform capabilities.

Hunters Ransomware Group

An in-depth profile of Hunters International, a data extortion ransomware group believed to have evolved from Hive, targeting healthcare, legal, and public sector organisations.

LockBit 3.0

A detailed analysis of LockBit 3.0, a highly active ransomware group known for double extortion, sophisticated tooling, and global attacks.

APT10 – Threat Actor Profile

A threat profile of APT10, a Chinese state-sponsored cyber espionage group known for global targeting of managed service providers, defence contractors, and research institutions through advanced supply chain compromise and credential theft.

Mustang Panda – Threat Actor Profile

A threat profile of Mustang Panda, a China-based cyber espionage group known for targeting government entities, NGOs, and think tanks across Europe and Asia using custom malware and socially engineered lures.

ProjectRelic – Threat Actor Profile

A threat profile of ProjectRelic, a low-visibility cyber threat group associated with opportunistic attacks on European infrastructure and research networks, operating with uncertain motives and unclear attribution.

Dunghill Leak

A threat profile of Dunghill Leak, a data extortion group known for targeting critical infrastructure and educational institutions, operating with unclear motives and inconsistent messaging.

Linkedin-in
© 2025 CyberDefence