Your trusted hub for learning, developing, and mastering the skills that shape tomorrow's digital defense.
Discover NowAngry Likho is a rapidly evolving pro-Russian cyber espionage group targeting Eastern European governments and defense organizations. This in-depth threat intelligence report analyzes its motivations, TTPs, infrastructure, and campaigns through 2025.
GALLIUM is a China state-sponsored advanced persistent threat group active since at least 2012, specializing in cyber espionage against telecommunications, government, and critical infrastructure. Recent campaigns across Africa, Southeast Asia, and Europe highlight its use of legitimate tools like SoftEther VPN and modular malware such as ShadowPad and PlugX.
TraderTraitor—also known as Jade Sleet and UNC4899—is one of North Korea’s most aggressive financial APT groups. Responsible for major crypto thefts, including the $1.5B ByBit hack, it targets blockchain developers, exchanges, and fintech firms worldwide.
Handala is a pro-Palestinian hacktivist collective active since 2022, conducting defacements, DDoS attacks, and politically motivated data leaks targeting Israeli, U.S., and Western entities during regional conflicts.
Moonlight Tiger (APT-C-09) is a long-running India-linked cyber-espionage group conducting spearphishing, modular malware campaigns, and intelligence-gathering operations across South and East Asia. Targeting government, defense, academic, and foreign policy institutions, the group continues to evolve through living-off-the-land techniques, custom backdoors, and cloud-enabled C2 infrastructure.
WageMole is a North Korean APT active since 2018, operating at the intersection of cyber-espionage and financial theft. The group targets cryptocurrency, fintech, and defense sectors using fake recruiters, supply-chain attacks, and AI-enhanced phishing. Learn how this hybrid threat operates.
Void Manticore is an Iran-aligned APT group conducting hybrid cyber operations, destructive wiper attacks, and politically motivated leak campaigns targeting Israel, NATO members, NGOs, and critical infrastructure sectors.
Sandworm (APT44) is Russia’s most destructive state-sponsored cyber unit. Known for NotPetya, Industroyer, and AcidPour, the group targets critical infrastructure across Ukraine, NATO states, and Europe, combining cyber sabotage with military objectives.
APT37 (Famous Chollima) remains one of North Korea’s most active and adaptive cyberespionage groups. This analysis highlights their 2025 evolution—cloud persistence, AI-driven social engineering, new RAT variants, and global targeting across governments, defense, research, and policy organizations.
This Geopolitical Countdown analysis reveals how the 2025 cybercrime ecosystem is evolving. From Initial Access Brokers to leaked credentials, MaaS/RaaS platforms, and cloud-targeting exploit kits, this report explores the dark web’s most traded assets and what they mean for enterprise cyber risk.
