Category: Threat Groups

In the ever-evolving landscape of cyber security, the identification and tracking of threat groups is a critical component in understanding the nature, intent, and capability of adversaries targeting organisations worldwide. These groups, often categorised by nation-state affiliation, financial motivation, or ideological alignment, operate with varying degrees of sophistication and persistence. Their activities can range from opportunistic attacks to highly targeted, prolonged campaigns designed to exfiltrate sensitive data, disrupt operations, or gain strategic advantage.

This section serves as a comprehensive reference to known threat groups, including advanced persistent threats (APTs), cybercriminal syndicates, hacktivist collectives, and emerging entities. Each profile includes a summary of the group’s known tactics, techniques, and procedures (TTPs), attribution assessments, notable incidents, and links to further intelligence.

Understanding these adversaries is essential not only for strategic threat modelling and risk assessment but also for refining defensive postures, enhancing detection capabilities, and informing incident response. As we continue to detect, defend, and disrupt malicious operations, intelligence on threat groups remains at the core of proactive cyber defence.

MalasLocker

A threat profile of MalasLocker, a ransomware and data extortion group known for exploiting Zimbra vulnerabilities, targeting email servers, and demanding charitable donations instead of ransom payments.

XakNet Team

A threat profile of XakNet Team, a pro-Russian hacktivist group engaged in disinformation and cyber attacks against Ukrainian and NATO-aligned entities, with strong propaganda links and a focus on psychological impact.

SiegedSec

A threat profile of SiegedSec, a politically motivated hacktivist group known for disruptive cyber attacks, data leaks, and ideological campaigns targeting government, healthcare, and corporate entities.

KelvinSec

A threat profile of KelvinSec, a financially motivated threat group known for data leaks, opportunistic breaches, and underground marketplace activity targeting organisations across Europe and the Middle East.

UserSec Collective

A threat profile of UserSec Collective, a pro-Russian hacktivist group known for DDoS attacks, Telegram-based propaganda, and politically motivated disruptions targeting NATO-aligned countries and public services.

NoName057(16)

A threat profile of NoName057(16), a pro-Russian hacktivist group known for politically motivated DDoS campaigns targeting European governments, media, and infrastructure during the Ukraine conflict.

Anonymous

A threat profile of Anonymous, the decentralised hacktivist collective known for ideologically driven cyber operations, including DDoS attacks, data leaks, and defacement campaigns against governments and corporations.

Ghostwriter / UNC1151

A threat profile of Ghostwriter (UNC1151), a Belarus-aligned cyber influence operation and espionage actor targeting NATO states through credential theft, disinformation, and psychological operations.

Gallium

A threat profile of Gallium, a China-based cyber espionage group known for targeting telecommunications, government, and critical infrastructure across Asia, Europe, and the Middle East.

Sandworm

A threat profile of Sandworm, a destructive Russian GRU-linked cyber group responsible for attacks on Ukraine’s power grid, the NotPetya worm, and persistent campaigns targeting critical infrastructure across Europe.

Linkedin-in
© 2025 CyberDefence