Epidemiology Labs

Cyber Intelligence Bureau

Understanding the Future of Cybersecurity: Insights from the Cyber Intelligence Bureau, a division of Epidemiology Labs

The Cyber Intelligence Bureau deciphers cyberthreats for you.

Combining OSINT and HUMINT analysis, along with insights into cognitive activities, influence vectors and emotional intelligence, these in-depth reports provide a comprehensive view of cybercriminal activities and tactics.

Explore our Insights and AI-Podcasts to anticipate attacks and strengthen your cyber defense.

KillNet: Anatomy of a Hybrid Cyber Threat Report

The document presents an analysis of KillNet: the anatomy of a hybrid cyber threat.

PMHC KillNet and Black Skills are two cybercriminal entities affiliated with the pro-Russian hacktivist group KillNet.

PMHC KillNet specializes in noisy and high-profile attacks, such as DDoS, to disrupt online services and spread political messages.

Black Skills, on the other hand, is a more technical division, focused on sophisticated operations such as data exfiltration and malware deployment.

Together, they target strategic sectors (governments, healthcare, energy) to destabilize adversary countries and support Russia's geopolitical objectives. Their organized structure and diverse tactics make them key players in the pro-Russian cybercrime landscape.

The Pro-Palestine Hackers Movement (PPHM) Collective Report

The document presents an analysis of the Pro-Palestine Hackers Movement Collective.

The Pro-Palestine Hackers Movement (PPHM) is an active and well-organized hacktivist collective, motivated by the defense of the Palestinian cause and opposition to Israel's supporters.

Its targets include governments, critical infrastructure, and media in several countries, with methods primarily focused on DDoS attacks, website defacement, unauthorized access to smartphones, and disruption of industrial systems.

The group is part of a larger coalition, the Holy League, and collaborates with other collectives to maximize its impact.

Z-Pentest Alliance Report

The document presents an analysis of the Z-Pentest Group Alliance.

Z-Pentest claims to be a pro-Russian, Serbia-based group opposed to the West and the Ukrainian government.

Z-Pentest combines advanced technical skills, intimidation tactics and a clear geopolitical strategy to conduct targeted cyberattacks against critical infrastructure (gas, oil, water).

Their ability to penetrate OT systems (ICS, SCADA, Modbus) and manipulate operational functions makes them a formidable player in the cyber threat landscape.

Holy League Collective Report

The document presents an analysis of the Holy League Collective.

The Holy League is a hacktivist collective driven by its commitment to defending Christian values, preserving Western civilization, and opposing progressive movements, secularism, and multiculturalism. Motivated by an ultra-conservative vision, the group carries out symbolic cyberattacks to intimidate targets and spread its message. It may collaborate with like-minded groups such as Anonymous, KillNet, GhostSec, and SiegSec, often operating as a decentralized network of independent cells.

The Holy League targets sectors including LGBTQ+ organizations, abortion providers, Islamic institutions, progressive media, secularist groups, and educational institutions. Its attacks, often involving DDoS, website defacements, and data leaks, aim to disrupt operations while promoting its ideological propaganda.

RipperSec Group Report

The document presents an analysis of the hacker group RipperSec.

RipperSec is a pro-Palestinian and pro-Muslim hacktivist group that emerged in June 2023 and operates from Malaysia. This group has distinguished itself through its aggressive actions against French organizations. Their operations combine data leaks and DDoS attacks, often carried out using their custom tool, MegaMedusa. RipperSec is known for targeting critical infrastructure, government websites, educational institutions, businesses, and financial services. Their goal is to expose injustices, disrupt operations, and attract media attention to pressure governments and companies.

Hunt3r-Kill3rs Group Report

Hunt3r Kill3rs is a cybercriminal group that targets industrial control systems (ICS) and critical infrastructure, and conducts espionage operations. Their attacks are launched against companies using exposed programmable logic controllers (PLCs) and video surveillance systems. To achieve their goals, the group recruits employees with specific industrial missions within certain companies, as well as external people with specialized skills in cybersecurity, programming, and social engineering. They use sophisticated psychological tactics, including emotional intelligence, to manipulate victims through methods such as emotional blackmail, guilt-tripping, and intimidation.

TWELVE Group Report

The presence of actors with political motivations makes the cyberthreat landscape increasingly complex. It is crucial to attempt to counter sophisticated attacks designed to generate destructive actions motivated by ideologies and political grievances. As opponents of Russia's regime, the TWELVE group is extremely well-informed about European geopolitical situations and potentially poses a danger following certain real-world decisions that could be made.

UserSec Report

UserSec Team Report

UserSec is a pro-Russian hacktivist group formed in 2023, primarily targeting Western countries and NATO members. They use DDoS attacks and data leaks as tactics. Although no official link to the Russian government has been established, their actions align with Russia's geopolitical interests. The group collaborates with other pro-Russian collectives like KillNet, and offers paid DDoS services as well as hacking training.

DarkStormTeam Report

DarkStorm Team (aka: DarkStrom Team)

Dark Storm Team is a pro-Palestinian hacktivist group that emerged in 2023, targeting Israel, Western countries, and NATO. Their activities combine political and commercial motivations, including DDoS attacks, data leaks, and paid cybercriminal services. Although seemingly pro-Palestinian, their actions also appear aligned with Russian geopolitical interests.

Fatemiyoun Electronic Team Report

Fatemiyoun Electronic Team (FFE)

Fatemiyoun Electronic Team (FFE) is a pro-Iranian hacktivist group created in 2020. Their activities include attacks on social media, website hacking, and disinformation campaigns, aimed at defending Shia Islam and promoting anti-American sentiments. Controlled by Kataib Hezbollah, an Iranian-backed Iraqi militia, FFE collaborates with other pro-Iranian entities. Recently, they claimed responsibility for cyberattacks against some government websites. The group represents a cyber threat aligned with Iran's geopolitical interests.

NoName057(16) Report

NoName057(16) Group

NoName057(16) is a pro-Russian hacktivist group created in 2022, specializing in DDoS attacks. They primarily target Ukraine, NATO countries, and organizations critical of Russia. The group uses Telegram for communication, has developed its own DDoS tool called DDOSIA, and recruits volunteers through the dark web, paying them in cryptocurrency. Their motivations align with Russian geopolitical interests. Although their attacks are usually short-lived, they represent a significant cyber threat capable of temporarily disrupting important online services.
