CYJAX

How's that for a malicious Linkc, new group launches DLS

2024 saw data-leak sites (DLSs) for 72 extortion groups materialise. As of February 2025, Cyjax has identified DLSs for five new groups, as noted in recent blogs on extortion groups Kraken, Morpheus, GD LockerSec, and Babuk2. The fifth one to emerge goes by the name Linkc. Read on to find out what Cyjax knows so far about this new entrant into the data leak extortion scene.

What is the MITRE ATT&CK Framework?

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework was developed in 2013 to document the tactics and techniques used by adversaries in cyberattacks. Initially an internal tool for threat detection, it became publicly available in 2015 to support the cybersecurity community. Over time, it has evolved into a comprehensive resource that describes adversary behaviours during attacks.

A Guide to Working in Threat Intelligence

According to Gartner Research and McMillan (2003), “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging hazard to assets that can inform decisions on how to respond.” Threat intelligence involves analysing data to predict and prevent cyber threats, allowing organisations to identify risks early and implement proactive defences.

What are Advanced Persistent Threats (APTs)?

Threat actors often use techniques such as phishing, lateral movement, and zero-days to gain and maintain access to systems. The increased sophistication of advanced persistent threat (APT) groups compared to other attackers means that long-term infiltration, careful exfiltration of data, and manipulation of systems without detection are often observed.

The Need for Contextualised Threat Intelligence

In today’s digital landscape, cyber threats are evolving at an unprecedented pace, growing more sophisticated and harder to detect. With each passing day, businesses and individuals alike find themselves navigating an increasingly complex threat environment. This complexity isn’t just about the number of attacks; it’s about their evolving tactics, the widening attack surface, and the sheer difficulty of distinguishing real threats from background noise.

2024 Year in Review: ransomware groups, hacktivists, and IABs targeting the Middle East

This report will provide an overview of the various extortion groups, hacktivists, and initial access brokers (IABs) targeting the Middle East throughout 2024 and highlight the relevant observed trends. Specifically, this report will look at incidents affecting Egypt, Iran, Iraq, Saudi Arabia, Yemen, Syria, Jordan, United Arab Emirates, Israel, Lebanon, Oman, Kuwait, Qatar, and Bahrain.

The Ultimate Guide To Ransomware: Understanding, Identifying and Preventing Attacks

Ransomware is one of the most prominent cybersecurity threats today, often spreading via phishing emails, malicious links, infected attachments, or exploiting software vulnerabilities. It is a type of malware designed to block access to files, data, or entire systems until a ransom is paid, usually in cryptocurrency. Beyond the financial impact, ransomware causes operational disruption and long-term reputational damage. The frequency and scale of ransomware attacks have surged in recent years.