Threat-Actor

An Advanced Persistent Threat (APT) refers to a highly capable and well-resourced threat actor that conducts prolonged, targeted cyber operations. This SECMONS glossary entry explains what defines an APT, how APT campaigns operate, and how defenders should assess APT-level risk.

A Botnet is a network of compromised devices remotely controlled by an attacker for coordinated malicious activity. This SECMONS glossary entry explains how botnets operate, how they are built, and how they are used in DDoS attacks, spam campaigns, and ransomware distribution.

A Campaign is a coordinated series of malicious activities conducted by a threat actor to achieve strategic objectives. This SECMONS glossary entry explains how campaigns are structured, how they are tracked, and why campaign analysis is central to cybersecurity intelligence.

Ransomware is a type of malicious software that encrypts data or threatens publication to extort payment from victims. This SECMONS glossary entry explains how ransomware operates, common attack stages, and why modern ransomware campaigns combine encryption with data exfiltration.

A Threat Actor is an individual, group, or organization that conducts malicious cyber activity. This SECMONS glossary entry explains threat actor types, motivations, capabilities, and how they are classified in cybersecurity intelligence reporting.

Technical profile of the Akira ransomware group, a cybercrime operation responsible for targeted intrusions and ransomware attacks affecting organizations across multiple industries.

Technical profile of the Black Basta ransomware group, a cybercrime operation responsible for ransomware attacks and data extortion campaigns targeting enterprise organizations worldwide.

Technical profile of the Play ransomware group, a cybercrime operation responsible for targeted intrusions and data extortion campaigns affecting organizations across multiple industries.

Technical profile of the Royal ransomware group, a cybercrime operation responsible for targeted intrusions and ransomware attacks against enterprise organizations across multiple industries.

Technical profile of the Scattered Spider threat actor, a cybercrime group known for social engineering operations and targeted intrusions against enterprise organizations.

Technical profile of the BlackCat ransomware group, also known as ALPHV, a cybercrime operation responsible for ransomware attacks and data extortion campaigns targeting organizations worldwide.

Technical profile of the Hive ransomware group, a cybercrime operation responsible for ransomware attacks and data extortion campaigns targeting organizations across multiple industries.

Technical profile of the Conti ransomware group, a cybercrime operation responsible for large-scale ransomware attacks and data extortion campaigns targeting organizations worldwide.

Technical profile of the DarkSide ransomware group, a cybercrime operation known for conducting ransomware and data extortion campaigns against enterprise organizations and critical infrastructure.

Technical profile of the Cl0p ransomware group, a cybercrime operation responsible for large-scale data extortion campaigns targeting enterprise organizations worldwide.

Technical profile of the REvil ransomware group, also known as Sodinokibi, a cybercrime operation responsible for ransomware attacks and large-scale data extortion campaigns targeting organizations worldwide.

Technical profile of the Lazarus Group, a threat actor associated with cyber espionage operations and financially motivated cyber campaigns targeting organizations worldwide.

Technical profile of APT28, also known as Fancy Bear and Sofacy, a threat actor associated with cyber espionage campaigns targeting governments, defense organizations, and political institutions.