Actors

Lazarus Group is a state-linked intrusion set known for financially motivated operations, espionage, and cryptocurrency-focused activity. This profile is written for defensive analysis and portfolio demonstration.

LockBit is represented as a ransomware ecosystem focused on financial extortion, affiliate-driven intrusions, data theft pressure, and file encryption impact.

APT28 / Fancy Bear is modeled as an espionage-focused actor associated with political, defense, media, and government targeting. Content is kept defensive and educational.

APT29 is modeled as an espionage-focused actor associated with diplomatic, government, technology, and research targeting. This profile is written for defensive portfolio context.

Sandworm is represented as a disruptive and espionage-capable actor profile with emphasis on critical infrastructure awareness and defensive monitoring.

FIN7 is modeled as a financially motivated cybercrime actor profile associated with enterprise intrusion, payment-related targeting, and data theft pressure.

Scattered Spider is represented as a financially motivated intrusion cluster with emphasis on identity abuse, social engineering risk, and enterprise access monitoring.

Clop is modeled as a ransomware and extortion ecosystem profile focused on data theft pressure, enterprise exposure, and defensive incident response context.