Threat Group: Unknown (Closed group suspected) Threat Type: Ransomware with espionage-like capabilities Exploited Vulnerabilities: SonicWall VPN (CVE-2024-40766), Veeam RCE (CVE-2024-40711), possible Exchange vulnerabilities Malware Used: Fog Ransomware, Syteca (Ekran) client, Adaptix Beacon, GC2, Stowaway, 7-Zip, MegaSync Threat Score: 🔴 High (8.0/10) – Due to advanced persistence techniques, espionage-style data theft,
Threat Group: Azote Group / UNC4696 Threat Type: Ransomware (Double Extortion), Initial Access Broker Exploited Vulnerabilities: Malvertising, DLL Sideloading, Vulnerable Drivers, Social Engineering Malware Used: NitrogenLoader, NitrogenInstaller, NitrogenStager, Sliver, Cobalt Strike, BlackCat/ALPHV, KeeLoader Threat Score: 🔥 Critical (9.1/10) – Due to its modular, evasive attack chain, and confirmed links to
Threat Group: - Dmc Threat Type: - Ransomware Exploited Vulnerabilities: - None identified (Phishing and RDP compromise suspected) Malware Used: - PE32 Ransomware Threat Score: - 🔴 High (7.5/10) – Due to Telegram-based C2, data exfiltration, and rapid file encryption Last Threat Observation: - 23 April 2025 Overview PE32 ransomware
Threat Group: MedusaLocker Threat Type: Ransomware Exploited Vulnerabilities: No specific vulnerabilities identified; relies on common malware distribution methods Malware Used: ETHAN Ransomware (variant of MedusaLocker) Threat Score: High (9.0/10) – Due to its double-extortion tactics, data encryption capabilities, and impact on critical business operations. Last Threat Observation: March 02,
Threat Group – Vgod Crew Threat Type – Ransomware Exploited Vulnerabilities – Unpatched remote code execution flaws, vulnerabilities in VPNs, weak passwords Malware Used – Vgod Ransomware, Custom Trojanized Toolsets Threat Score – High (8.7 out of 10) – Reflecting advanced encryption, double extortion tactics, cross-platform targeting, and alignment with broader ransomware trends Last Threat