Epidemiology Labs

Cyber Intelligence Bureau

Understanding the Future of Cybersecurity: Insights from the Cyber Intelligence Bureau, a division of Epidemiology Labs

The Cyber Intelligence Bureau deciphers cyberthreats for you.

Combining OSINT and HUMINT analysis, along with insights into cognitive activities, influence vectors and emotional intelligence, these in-depth reports provide a comprehensive view of cybercriminal activities and tactics.

Explore our Insights and IAPodcasts to anticipate attacks and strengthen your cyber defense.

 

RipperSec Group Report

The document presents an analysis of the hacker group RipperSec.
RipperSec is a pro-Palestinian and pro-Muslim hacktivist group that emerged in June 2023 and operates from Malaysia. This group has distinguished itself through its aggressive actions against French organizations. Their operations combine data leaks and DDoS attacks, often carried out using their custom tool, MegaMedusa. RipperSec is known for targeting critical infrastructure, government websites, educational institutions, businesses, and financial services. Their goal is to expose injustices, disrupt operations, and attract media attention to pressure governments and companies. 

Hunt3r-Kill3rs Group Report

Hunt3r Kill3rs is a cybercriminal group that targets industrial control systems (ICS) and critical infrastructure and conducts espionage operations. Their attacks are launched against companies using exposed programmable logic controllers (PLCs) and video surveillance systems. The group recruits employees with specific industrial missions within certain companies, as well as external people with specialized skills in cybersecurity, programming, and social engineering, to achieve their goals. They use sophisticated psychological tactics, including emotional intelligence, to manipulate victims through methods such as emotional blackmail, guilt-tripping, and intimidation.

TWELVE Group Report

The presence of actors with political motivations makes the cyberthreat landscape increasingly complex. It is crucial to attempt to counter sophisticated attacks that are designed to cause destruction and are motivated by ideologies and political grievances. As an opponent of Russia's regime, the TWELVE group is extremely well-informed about European geopolitical situations and potentially poses a danger following certain real-world decisions that could be made.

UserSec Report

UserSec Team Report

UserSec is a pro-Russian hacktivist group formed in 2023, primarily targeting Western countries and NATO members. They use DDoS attacks and data leaks as tactics. Although no official link to the Russian government has been established, their actions align with Russia's geopolitical interests. The group collaborates with other pro-Russian collectives like KillNet, and offers paid DDoS services as well as hacking training.

DarkStormTeam Report

DarkStorm Team (aka: DarkStrom Team)

Dark Storm Team is a pro-Palestinian hacktivist group that emerged in 2023, targeting Israel, Western countries, and NATO. Their activities combine political and commercial motivations, including DDoS attacks, data leaks, and paid cybercriminal services. Although seemingly pro-Palestinian, their actions also appear aligned with Russian geopolitical interests.

Fatemiyoun Electronic Team Report

Fatemiyoun Electronic Team (FFE)

Fatemiyoun Electronic Team (FFE) is a pro-Iranian hacktivist group created in 2020. Their activities include attacks on social media, website hacking, and disinformation campaigns, aimed at defending Shia Islam and promoting anti-American sentiments. Controlled by Kataib Hezbollah, an Iranian-backed Iraqi militia, FFE collaborates with other pro-Iranian entities. Recently, they claimed responsibility for cyberattacks against some government websites. The group represents a cyber threat aligned with Iran's geopolitical interests.

NoName057(16) Report

NoName057(16) Group

NoName057(16) is a pro-Russian hacktivist group created in 2022, specializing in DDoS attacks. They primarily target Ukraine, NATO countries, and organizations critical of Russia. The group uses Telegram for communication, has developed its own DDoS tool called DDOSIA, and recruits volunteers through the dark web, paying them in cryptocurrency. Their motivations align with Russian geopolitical interests. Although their attacks are usually short-lived, they represent a significant cyber threat capable of temporarily disrupting important online services.
