From The Dark Side
Intelligence from the criminal underground — ransomware gang activity, credential markets, initial access brokers, data breach tracking, and emerging attack tooling. Curated by Security Arsenal analysts so your team has what it needs to stay ahead.
Live Ransomware Victims
refreshed every 5 minActive ransomware gang postings from public leak sites. For awareness and defensive intelligence only.
| Threat Group | Victim | Sector | Country | Discovered | |
|---|---|---|---|---|---|
| qilin | S.J. Louis | Not Found | BR | Jul 8, 2026 | Details |
| krybit | xuerong.com | Technology | CN | Jul 8, 2026 | Details |
| krybit | shelby.com.mx | Not Found | MX | Jul 8, 2026 | Details |
| chaos | opportune.com 🇺🇸 US COMPANY | Business Services | US | Jul 8, 2026 | Details |
| chaos | corepharma.com 🇺🇸 US COMPANY | Healthcare | US | Jul 8, 2026 | Details |
| akira | Wade's Dairy | Agriculture and Food Production | GB | Jul 8, 2026 | Details |
| play | Preneed Funeral Programs 🇺🇸 US COMPANY | Consumer Services | US | Jul 7, 2026 | Details |
| qilin | Next Clinics | Healthcare | CZ | Jul 7, 2026 | Details |
| play | Kevin Bao Lenguyen | Not Found | — | Jul 7, 2026 | Details |
| play | United Infrastructure 🇺🇸 US COMPANY | Energy | US | Jul 7, 2026 | Details |
Showing latest 10 victims. Full searchable database available.
View All & SearchIntelligence Categories
Click a category for full archive + SIGMA rulesUnderground Intelligence Feed
Salat Stealer, UNK_MassTraction & Cavern Manticore: OTX Pulse Analysis — Multi-Vector APT Campaigns
Three active campaigns: Salat Stealer infostealer, UNK_MassTraction exploiting Roundcube in universities, and Iran-linked Cavern Manticore targeting Israel. High urgency.
OP-512 China-Linked Espionage + UNC3753 Targeted Campaigns: GhostKit, PlugX, Cobalt Strike, BazarLoader, TrickBot - OTX Pulse Analysis — Enterprise Detection Pack
China-linked OP-512 targets IIS with GhostKit; UNC3753 attacks US law firms with BazarLoader/TrickBot. HIGH PRIORITY threat intel.
Frequently Asked Questions
Is Your Organization in the Underground?
Security Arsenal monitors dark web markets, ransomware leak sites, and criminal forums for your domains, IP ranges, and executive identities. We'll tell you if you're already being sold — before the attack begins.