CASE STUDIES

Executive Summary SPYGAME is not a hacking group. It is not whistleblowing. It is not political activism. SPYGAME is a criminal data exploitation marketplace that profits directly from the non-consensual exposure of private images, live hacked IP-camera surveillance feeds, and stolen personal data - targeting women, minors, and private individuals across more than 30 countries. The platform operates on a Leak-and-Earn model - a structured criminal system that financially in

Executive Summary The cybersecurity landscape in 2023 saw the emergence of several new ransomware groups, but few demonstrated the structural sophistication of CiphBit . First observed in April 2023, this group quickly established itself as a credible threat to businesses across Europe and the United States. Unlike opportunistic actors, CiphBit operates with a clear business model, defined affiliate structure, and a calculated approach to victim pressure. For executives and d

Executive Summary The Daixin Team is a financially motivated cybercriminal group responsible for multiple high-impact Daixin Team ransomware operations since mid-2022. Classified as a double-extortion ransomware actor, the group conducts Daixin Team ransomware attacks by combining system encryption with large-scale data theft and coercive dark web exposure. The Daixin Team ransomware attack model is designed to exploit both operational disruption and data exposure risk, ma

Abyss Ransomware Group Abyss Locker (also known as abyss locker ransomware , abyss locker group , or abysslocker ) is a sophisticated double-extortion ransomware operation that first emerged in 2023. It encrypts victim files, exfiltrates sensitive abyss locker data , and threatens to publish abyss locker victims information and abyss locker stolen data on abyss locker dark web leak sites if ransoms are not paid. The group excels at targeting critical infrastructure, levera

The Clop ransomware group also written as Cl0p is one of the most consequential cyber-extortion actors of the last decade, not because of technical novelty, but because of how deliberately it reshaped the ransomware business model.