-
The following interview, which we publish in full, was conducted in December 2025 by Erez, a member of the deepdarkCTI community. The Benzona ransomware gang is a cybercriminal entity employing a double-extortion model, which involves both encrypting victims’ files and exfiltrating sensitive data with threats of public release should the ransom not be paid. Upon…
-
Here we present an interview with Gabi, a member of the Cyber Toufan team. We contacted Gabi on Telegram and shared a list of questions, which we make available here in full. This team, active since October 2024, has published details of 13 operations it has conducted against Israeli targets on its website since late…
-
In this timeline (currently being updated) we show the main events related to the alleged seizure of the XSS underground forum. In addition, here you can find an analysis of the moderators present on the date of the alleged seizure and their latest activities performed on the forum (updated to July 24, 2025). Links to…
-
The following interview, which we publish in full, was conducted in July2025 by Erez, a member of the deepdarkCTI community. Q (Erez): Devman first appeared in April 2025 and, only two months later, released Devman 2, what drove that rapid evolution and which lessons from version 1 pushed you to move so quickly to version…
-
We interviewed Se7en, the founder of Exodus Market, a platform for selling infostealers logs. This market, active for almost a year, has been expanding its business in recent months and is becoming an increasingly popular alternative to what is currently the most popular market, Russian Market. The market, accessible at the urls indicated within our…
-
On June 3, a message appeared on the Threat Actor GhostSec channel accusing an Italian company (which was not named) that had requested the group to carry out offensive activities against Macedonian government targets. The company that requested the activity later refused to pay for the services that had been agreed upon, and so GhostSec…
-
The following interview, which we publish in full, was conducted in December 2024 by Erez, a member of the deepdarkCTI community. Q (Erez): Lockbit has been one of the most resilient ransomware groups despitenumerous disruptions. How do you maintain operational secrecy and continuity in the face of global law enforcement efforts like Operation Cronos?A (Lockbit):…
-
In this interview we had the pleasure to interview ALPHV Admin (hhxxps[:]//t[.]me/ALPHV_Admin), the founder of the ALPHV forum (hxxps[:]//alphv[.]pro/). Here is the full interview: Origins and Motivation The forum was created in 2011 The forum is not affiliated with the ALPHV/BlackCat group. The ALPHV/BlackCat group conducted an exit scam for $22 million. Initially, our forum…
-
In this interview we had the pleasure to interview STALINGRADSKIY (hxxps[:]//t[.]me/rootkalibt), the founder of the rootsploit forum (hxxps[:]//rootsploit[.]org/). Here is the full interview: Origins and Motivation I was inspired by other thematic forums, and I like free communication because there are rules in social networks and instant messengers that I don’t like. The idea of…