Threat Group: Storm-0501 Threat Type: Ransomware Exploited Vulnerabilities: Zoho ManageEngine (CVE-2022-47966), Citrix NetScaler (CVE-2023-4966), ColdFusion (CVE-2023-29300) Malware Used: Embargo Ransomware Threat Score: High (8.5/10) — Due to significant lateral movement across hybrid cloud environments, strong persistence mechanisms, and critical data exfiltration. Last Threat Observation: September 2024 by Microsoft Threat

Threat Group: DragonForce Threat Type: Ransomware (Ransomware-as-a-Service - RaaS) Exploited Vulnerabilities: Varies, but primarily through credential theft and unpatched systems Malware Used: Modified LockBit and Conti ransomware variants Threat Score: High (8.2/10) – Due to its use of sophisticated double extortion and advanced encryption techniques. Last Threat Observation: September

Threat Details and Score Threat Group: Vanilla Tempest (also known as Vice Society) Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Initial access via Gootloader malware, Remote Desktop Protocol (RDP) abuse, and Windows Management Instrumentation (WMI) for lateral movement Malware Used: INC ransomware, Supper backdoor, AnyDesk, MEGA Threat Score: High (8.7/

Threat Group: Kransom Threat Type: Ransomware Exploited Vulnerabilities: Unpatched software vulnerabilities, phishing Malware Used: Kransom Ransomware Threat Score: High (8/10) — Advanced evasion techniques and use of legitimate digital certificates make detection challenging Last Threat Observation: September 2024, verified through multiple cybersecurity sources Overview Kransom ransomware is a newly identified

Threat Details and Score Threat Group: Meow, also known as MeowCorp and MeowLeaks, a ransomware group derived from NB65 (itself based on Conti v2's leaked source code). Threat Type: Ransomware/Data Extortion. Exploited Vulnerabilities: Weak RDP configurations, phishing campaigns, compromised software (e.g., VMware and Jenkins), deceptive downloads,

Threat Group: Scattered Spider Threat Type: Cybercrime Group (Focused on Cloud Environments, Ransomware) Exploited Vulnerabilities: Azure Cross-Tenant Synchronization, Federated Identity Providers, Cloud Platforms Malware Used: AlphV ransomware Threat Score: High (8.8/10) — Due to its sophisticated exploitation of cloud-based systems, privilege escalation methods, and use of advanced tools for

Threat Group: NoName (formerly known as CosmicBeetle) Threat Type: Ransomware (Part of the Spacecolon malware family) Exploited Vulnerabilities: CVE-2017-0144 (EternalBlue), CVE-2023-27532 (Veeam Backup), CVE-2020-1472 (ZeroLogon), and others Malware Used: ScRansom, LockBit variants, RansomHub Threat Score: High (8.5/10) – Due to its focus on SMBs and evolving encryption methods Last

Threat Group: Phobos Ransomware Operators Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Exposed Remote Desktop Protocol (RDP) Ports, Weak Passwords, Phishing Attacks Malware Used: Phobos Ransomware Overview: Phobos ransomware remains a significant and evolving threat, particularly targeting critical sectors such as healthcare, government, and education. Since its emergence in 2019, Phobos

Threat Group: - Qilin (formerly known as "Agenda") Threat Type: - Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: - Zero-day vulnerabilities, VPN access without multi-factor authentication (MFA), spear-phishing, and remote monitoring tools Malware Used: - Qilin Ransomware, with variants developed in Golang and Rust Threat Score: - High (8.8/10)

Overview KOK08 ransomware, identified as a variant of the Matrix ransomware family, is involved in malicious activities including file encryption and data exfiltration. This ransomware uses sophisticated methods that are consistent with the broader trends observed in 2024, where targeted attacks on critical infrastructure and high-value targets have become more