Modern Attack Hub

MODERN ATTACK HUB Fighting modern attacks starts here The go-to resource for threat research, insights, and strategies Modern attacks exploit the blind spots in traditional defenses, leaving organizations vulnerable to devastating breaches. Is your business prepared to stop them? Discover the new face of cyber threats Learn how today’s sophisticated attackers bypass your prevention tools — and what you can do to stop them. Attack Groups Know your adversary Understand who’s targeting your modern network and get to know the motivations and methods they use. Explore Attack Techniques Decode modern tactics Learn how today’s attackers evade detection — and what you can do to find and stop them. Explore Security Gaps Eliminate blind spots Take the one-minute assessment to uncover weaknesses in your current defenses. Explore ATTACK GROUPS We study how modern attackers operate so you know who you are up against. Stopping modern attacks starts with knowing your adversary. Learn how today’s attackers infiltrate environments and the detection capabilities you need to spot them. Lockbit LockBit is one of the largest Ransomware-as-a-Service Groups in the world and has orchestrated extensive cyberattacks across various industries, impacting thousands of organizations globally with its relentless and adaptive strategies. Read more Akira Akira Ransomware Group is known for its "retro aesthetic" and for primarily exploiting vulnerabilities in VPN services and known Cisco vulnerabilities. Read more RansomHub RansomHub was a ransomware-as-a-service (RaaS) variant, previously known as Cyclops and Knight. Read more INC Ransom INC Ransom has been targeting critical infrastructure with sophisticated ransomware since 2023. It combines advanced intrusion techniques and extortion tactics, making it a serious threat to organizations worldwide. The group poses significant risks to organizations in sectors such as healthcare, manufacturing, government, and technology. Read more GLOBAL GROUP GLOBAL GROUP is a newly emerged Ransomware-as-a-Service (RaaS) operation launched in June 2025 by a known Russian-speaking threat actor, offering AI-driven negotiation, mobile control panels, and aggressive affiliate incentives to rapidly expand its reach across global industries. Read more Scattered Spider Scattered Spider (UNC3944) is a financially motivated threat actor known for its sophisticated use of social engineering, identity abuse, and high-impact ransomware attacks. Active since early 2022, the group has evolved rapidly, targeting a wide range of industries across multiple countries. Read more PLAY The Play ransomware group, also known as PlayCrypt, is a sophisticated and highly active threat actor that conducts double extortion attacks by stealing and encrypting data, targeting organizations across multiple sectors worldwide through stealthy, credential-based intrusions and custom-built malware. Read more Lockbit LockBit is one of the largest Ransomware-as-a-Service Groups in the world and has orchestrated extensive cyberattacks across various industries, impacting thousands of organizations globally with its relentless and adaptive strategies. Read more Akira Akira Ransomware Group is known for its "retro aesthetic" and for primarily exploiting vulnerabilities in VPN services and known Cisco vulnerabilities. Read more RansomHub RansomHub was a ransomware-as-a-service (RaaS) variant, previously known as Cyclops and Knight. Read more INC Ransom INC Ransom has been targeting critical infrastructure with sophisticated ransomware since 2023. It combines advanced intrusion techniques and extortion tactics, making it a serious threat to organizations worldwide. The group poses significant risks to organizations in sectors such as healthcare, manufacturing, government, and technology. Read more GLOBAL GROUP GLOBAL GROUP is a newly emerged Ransomware-as-a-Service (RaaS) operation launched in June 2025 by a known Russian-speaking threat actor, offering AI-driven negotiation, mobile control panels, and aggressive affiliate incentives to rapidly expand its reach across global industries. Read more Scattered Spider Scattered Spider (UNC3944) is a financially motivated threat actor known for its sophisticated use of social engineering, identity abuse, and high-impact ransomware attacks. Active since early 2022, the group has evolved rapidly, targeting a wide range of industries across multiple countries. Read more PLAY The Play ransomware group, also known as PlayCrypt, is a sophisticated and highly active threat actor that conducts double extortion attacks by stealing and encrypting data, targeting organizations across multiple sectors worldwide through stealthy, credential-based intrusions and custom-built malware. Read more Lockbit LockBit is one of the largest Ransomware-as-a-Service Groups in the world and has orchestrated extensive cyberattacks across various industries, impacting thousands of organizations globally with its relentless and adaptive strategies. Read more Akira Akira Ransomware Group is known for its "retro aesthetic" and for primarily exploiting vulnerabilities in VPN services and known Cisco vulnerabilities. Read more RansomHub RansomHub was a ransomware-as-a-service (RaaS) variant, previously known as Cyclops and Knight. Read more INC Ransom INC Ransom has been targeting critical infrastructure with sophisticated ransomware since 2023. It combines advanced intrusion techniques and extortion tactics, making it a serious threat to organizations worldwide. The group poses significant risks to organizations in sectors such as healthcare, manufacturing, government, and technology. Read more GLOBAL GROUP GLOBAL GROUP is a newly emerged Ransomware-as-a-Service (RaaS) operation launched in June 2025 by a known Russian-speaking threat actor, offering AI-driven negotiation, mobile control panels, and aggressive affiliate incentives to rapidly expand its reach across global industries. Read more More Attack Groups ATTACK TECHNIQUES We research what modern attackers do so you know what to watch for. Today’s attackers don’t rely on just one technique. They weave together multiple tactics and move across multiple environments, from on-premises to cloud to SaaS. See how modern attackers slip past prevention tools — and how to detect threats at every turn. Anatomy of a Modern Attack Attack Techniques SECURITY GAPS We expose where modern attackers win so you know where your gaps exist. Traditional cybersecurity solutions often fail to correlate the subtle signals of a sophisticated intrusion across on-premises, cloud, and SaaS environments. The result? Attackers slip through undetected, until it’s too late. Take our Security Gap Assessment to see where your current defenses may be falling short. Assess Your Security Fight modern attacks with Vectra AI Ready to close your security gap for good? Powered by advanced threat detection AI, the Vectra AI Platform provides the coverage, clarity, and control security teams need to protect modern networks from modern attacks. Coverage Gain unified visibility across all environments — cloud, data center, endpoints, and more. Clarity Cut through the noise with clear, prioritized alerts on real attacks. Control Move from detection to response fast, with automated workflows and seamless integrations. Explore the Vectra AI Platform Don’t let modern attacks catch you off guard Assess Your Security Find out how you can protect what matters. Request a Demo See why 1,600 security teams use the Vectra AI Platform to fight modern attacks.