Pro-Russian Cyber Activity: Hybrid Threats and the UK Response

An insights article assessing pro-Russian cyber activity with a situational briefing on hybrid threats to UK-aligned institutions. Includes a side-by-side comparison of key threat groups including KillNet, NoName057(16), and XakNet.
Emerging Ransomware Threats and Securing Open-Source Email Infrastructure

An insights article highlighting the rise of unconventional ransomware groups targeting open-source email platforms like Zimbra, including a technical bulletin with actionable guidance for UK organisations.
Detection Advisory: ProjectRelic and Low-Noise Threat Actors in the UK and EU

A detection-focused advisory for research institutions and local governments concerned with low-noise threat actors such as ProjectRelic, including a technical bulletin on persistence, credential theft, and passive data exfiltration in academic and civic networks.
DragonForce Threat Actor Profile

DragonForce is a cyber threat group that has rapidly evolved from hacktivist beginnings into a prolific ransomware operation. Active since mid-2023, it initially engaged in ideologically driven attacks but later shifted focus to financially motivated extortion.
APT41

A detailed threat profile of APT41, a China-based state-sponsored group known for blending cyber espionage with financially motivated attacks, targeting healthcare, telecoms, finance, and critical infrastructure globally.
APT28 (Fancy Bear)

A threat profile of APT28 (Fancy Bear), a Russian military intelligence-backed threat actor known for cyber espionage, disinformation, and targeted attacks on NATO, the UK, and global political infrastructure.
APT29 (Cozy Bear)

A threat profile of APT29 (Cozy Bear), a Russian state-sponsored cyber espionage group targeting Western governments, defence, and critical infrastructure with persistent, stealthy campaigns.
Trigona

1. Overview: Trigona is a double extortion ransomware group that emerged publicly in late 2022 and quickly gained attention for its aggressive enterprise targeting, database-specific encryption techniques, and rapid tooling evolution. Trigona combines file encryption with data exfiltration, threatening public release of stolen information via its dark web leak site. Though less widely known than […]
Royal Ransomware Group

A threat profile of Royal, a sophisticated ransomware group targeting critical infrastructure and enterprises with double extortion tactics, custom tooling, and high-pressure ransom negotiations.
NoEscape

A threat profile of NoEscape, a ransomware group known for enterprise targeting, cross-platform payloads, and aggressive extortion tactics involving encryption and data theft.