Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial Intelligence (AI) is a double-edged sword in cybersecurity, empowering both defenders and attackers. AI-driven security systems are often used to detect threats in real-time, analysing large datasets for anomalies, and automating responses to cyberattacks. However, cybercriminals are also leveraging AI to create advanced malware, automate phishing attacks, and evade traditional defenses.

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of late February 2025, Cyjax has identified DLSs for six new groups in 2025, as noted in recent blogs on extortion groups Kraken, Morpheus, GD LockerSec, Babuk2, and Linkc. The latest DLS which Cyjax has identified is named Anubis. This Ransomware-as-a-Service (RaaS) group appears to be sophisticated and professional, providing services including affiliates, data ransoms, and access monetisation.

2024 saw data-leak sites (DLSs) for 72 extortion groups materialise. As of February 2025, Cyjax has identified DLSs for five new groups, as noted in recent blogs on extortion groups Kraken, Morpheus, GD LockerSec, and Babuk2. The fifth one to emerge goes by the name Linkc. Read on to find out what Cyjax knows so far about this new entrant into the data leak extortion scene.

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework was developed in 2013 to document the tactics and techniques used by adversaries in cyberattacks. Initially an internal tool for threat detection, it became publicly available in 2015 to support the cybersecurity community. Over time, it has evolved into a comprehensive resource that describes adversary behaviours during attacks.

According to Gartner Research and McMillan (2003), “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging hazard to assets that can inform decisions on how to respond.” Threat intelligence involves analysing data to predict and prevent cyber threats, allowing organisations to identify risks early and implement proactive defences.

Threat actors often use techniques such as phishing, lateral movement, and zero-days to gain and maintain access to systems. The increased sophistication of advanced persistent threat (APT) groups compared to other attackers means that long-term infiltration, careful exfiltration of data, and manipulation of systems without detection is often observed.

In today’s digital landscape, cyber threats are evolving at an unprecedented pace, growing more sophisticated and harder to detect. With each passing day, businesses and individuals alike find themselves navigating an increasingly complex threat environment. This complexity isn’t just about the number of attacks, it’s about their evolving tactics, the widening attack surface, and the sheer difficulty of distinguishing real threats from background noise.

Following the emergence of data-leak sites (DLSs) for Babuk Bjorka, GD LockerSec, and Morpheus in January 2025, a new extortion group called Kraken and its DLS has been observed in February. Read on to find out what Cyjax knows so far about this new threat group.

Cyjax operates within the dark web and ‘hidden service’ spaces to ensure a rich and current intelligence picture for its clients, enabling them to understand the changing threat landscape and prepare for incoming attacks and mitigate existing ones. Predicting an attack can be difficult, but fun!

This report will provide an overview of the various extortion groups, hacktivists, and initial access brokers (IABs) targeting the Middle East throughout 2024 and highlight the relevant observed trends. Specifically, this report will look at incidents affecting Egypt, Iran, Iraq, Saudi Arabia, Yemen, Syria, Jordan, United Arab Emirates, Israel, Lebanon, Oman, Kuwait, Qatar, and Bahrain.