Threat Group
Cybersecurity statistics about threat group
Showing 1-17 of 17 results
In 2025, Google Threat Intelligence Group attributed the exploitation of 9 zero-days to confirmed or likely financially motivated threat groups.
The top ten ransomware groups now account for only 50% of attacks, which is down from 69% previously.
The number of active ransomware groups has exceeded 60 for the first time.
The number of active ransomware groups has doubled over the last three years.
Nation-state actors are second most concerning threat actors.
When it comes to the most concerning threat actors, external sources dominate with hacktivists holding the top spot.
There are now 96 active ransomware groups.
52 entirely new ransomware groups emerged in the last year.
Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.
Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.
55% of threat groups active in 2024 were financially motivated, showing a steady increase.
Safepay was the third most active threat group in March, with 42 attacks.
Babuk2 was the most active threat group, responsible for 14% of all attacks in March. Babuk2 drove ransomware activity with 84 attacks in March. This represents a 37% increase for Babuk2 from January (61 attacks).
8% of threat groups were motivated by espionage.
February 2025 saw a total of 962 victims claimed by ransomware groups.
The number of victims claimed by Clop (Cl0p) saw a 300% jump from the previous month.
Out of the 962 victims claimed in February 2025, 335 were claimed by the Clop (Cl0p) group.