Insights

Insights from the front line of cyber defence

Research, detection engineering notes and incident response lessons.

Akira Ransomware Group

Akira is a financially motivated ransomware group that first emerged in early 2023. The group rapidly gained attention for its aggressive double extortion model, modern ransomware tooling, and ability to target both Windows and Linux environments. Akira is believed to operate a closed Ransomware-as-a-Service (RaaS) model, wherein trusted affiliates execute attacks while the core team provides infrastructure, encryption payloads, and negotiation services.

Anonymous

Anonymous is a loosely organised and decentralised hacktivist collective that has operated under various banners since the mid-2000s. Unlike state-sponsored advanced persistent threat (APT) groups, Anonymous is not a unified organisation but a label adopted by different actors who align with shared ideals of anti-authoritarianism, freedom of information, and resistance to censorship or perceived injustice.

APT10 – Threat Actor Profile

APT10, also known as Stone Panda, CVNX, Red Apollo, and MenuPass, is a Chinese state-sponsored threat actor that has been active since at least 2009. Widely attributed to China’s Ministry of State Security (MSS), APT10 is best known for conducting long-term espionage campaigns targeting defence, technology, healthcare, and managed service provider (MSP) networks.

APT28 (Fancy Bear)

APT28, also known as Fancy Bear, Sofacy, STRONTIUM, and Sednit, is a Russian state-sponsored cyber threat group attributed to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). Active since at least 2007, APT28 is best known for its role in high-profile espionage, sabotage, and influence operations, including election interference, cyber warfare, and persistent attacks on NATO-aligned states.

APT29 (Cozy Bear)

APT29, also known as Cozy Bear, The Dukes, or Midnight Blizzard, is a Russian state-sponsored cyber espionage group widely attributed to Russia’s Foreign Intelligence Service (SVR). Known for its advanced persistence, operational security, and stealthy intelligence-gathering operations, APT29 has been active since at least 2008, consistently targeting Western governments, diplomatic missions, think tanks, and defence contractors.

APT41

APT41, also known as Double Dragon, Barium, Winnti, and Blackfly, is a Chinese state-sponsored cyber threat group that uniquely combines state-directed espionage with financially motivated cybercrime. Operating since at least 2012, APT41 is considered one of the most versatile and prolific threat actors in the global threat landscape, known for attacking private sector companies, government institutions, and critical infrastructure across multiple continents.

BlackCat (ALPHV)

BlackCat, also known by its alias ALPHV, is one of the most sophisticated and dangerous ransomware groups currently active. First observed in late 2021, BlackCat has rapidly built a reputation for technical innovation, aggressive extortion tactics, and high-value targeting. It was the first major ransomware group to write its payload in Rust, allowing it to execute across both Windows and Linux/ESXi environments with high performance and stealth.

Charming Kitten (APT35)

Charming Kitten, also known as APT35, Phosphorus, Newscaster, and TA453, is a state-sponsored cyber espionage group linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran. Active since at least 2014, Charming Kitten is known for its targeted credential harvesting, social engineering, and espionage operations against individuals and organisations in the academic, governmental, defence, human rights, and journalistic sectors.

Cl0p

Cl0p is a high-impact ransomware group operating under a double extortion model, best known for its targeted exploitation of enterprise file transfer systems and public data leaks involving some of the world’s largest organisations. Active since at least 2019, Cl0p (also styled as Clop) operates a sophisticated, financially motivated operation that combines custom ransomware tooling, advanced vulnerability exploitation, and a well-maintained leak portal.

Crypto24 Ransomware Group

Crypto24 is an emerging ransomware group first identified in early 2024, known for its data theft and encryption-based extortion campaigns. Operating with a quiet but deliberate methodology, Crypto24 favours low-volume, high-impact attacks, typically against small to mid-sized enterprises with moderate cybersecurity maturity and valuable operational data.

DarkVault

DarkVault is a relatively new but increasingly active ransomware group, first identified in late 2023, that has quickly established itself as a quiet but formidable actor in the double extortion space. The group targets medium to large organisations across Europe, the UK, and North America, with an emphasis on the finance, professional services, logistics, legal, and technology sectors.

Dunghill Leak

Dunghill Leak is a data extortion group that emerged publicly in 2023. The group became known for targeting government agencies, educational institutions, and critical infrastructure organisations, primarily in Europe and North America. Unlike most ransomware groups, Dunghill Leak appears to focus entirely on data theft and public exposure, with little to no evidence of file encryption.