Cybercrime

Analysis of the infostealer logs economy in 2026, covering credential harvesting, underground markets, and how stolen data fuels cybercrime operations.

Analysis of the Initial Access Broker ecosystem in 2026, including access monetization, ransomware supply chains, and enterprise compromise patterns.

SECMONS Threat Actors provides structured intelligence profiles covering adversary groups, targeting patterns, tactics, campaigns, and defensive implications for security teams.

A Threat Actor is an individual, group, or organization that conducts malicious cyber activity. This SECMONS glossary entry explains threat actor types, motivations, capabilities, and how they are classified in cybersecurity intelligence reporting.

In-depth analysis of ransomware-as-a-service operations, affiliate models, and how RaaS drives large-scale cybercrime in 2026.

Technical profile of the Akira ransomware group, a cybercrime operation responsible for targeted intrusions and ransomware attacks affecting organizations across multiple industries.

Technical profile of the Black Basta ransomware group, a cybercrime operation responsible for ransomware attacks and data extortion campaigns targeting enterprise organizations worldwide.

Technical profile of the Play ransomware group, a cybercrime operation responsible for targeted intrusions and data extortion campaigns affecting organizations across multiple industries.

Technical profile of the Royal ransomware group, a cybercrime operation responsible for targeted intrusions and ransomware attacks against enterprise organizations across multiple industries.

Technical profile of the Scattered Spider threat actor, a cybercrime group known for social engineering operations and targeted intrusions against enterprise organizations.

Technical profile of the Hive ransomware group, a cybercrime operation responsible for ransomware attacks and data extortion campaigns targeting organizations across multiple industries.

Technical profile of the Conti ransomware group, a cybercrime operation responsible for large-scale ransomware attacks and data extortion campaigns targeting organizations worldwide.

Technical profile of the DarkSide ransomware group, a cybercrime operation known for conducting ransomware and data extortion campaigns against enterprise organizations and critical infrastructure.

LockBit is a major ransomware operation known for double extortion tactics, large-scale enterprise attacks, and an affiliate-driven ransomware-as-a-service model.

Technical profile of the Cl0p ransomware group, a cybercrime operation responsible for large-scale data extortion campaigns targeting enterprise organizations worldwide.

Double extortion is a ransomware tactic where attackers steal sensitive data before encrypting systems and threaten to publish the information if the ransom is not paid.

Technical profile of the REvil ransomware group, also known as Sodinokibi, a cybercrime operation responsible for ransomware attacks and large-scale data extortion campaigns targeting organizations worldwide.

Infostealer malware is a category of malicious software designed to harvest sensitive information such as credentials, browser data, financial records, and authentication tokens from compromised systems.

Analytical research explaining why phishing attacks remain one of the most successful intrusion methods despite modern security controls, examining human behavior, attacker infrastructure, and credential harvesting ecosystems.