Six months of ransomware, breaches, data leaks and dark-web activity targeting Egyptian organizations — plus profiles of the adversary groups behind them. Compiled and confirmed by PurpleGuard's 24/7 SOC.
> Each profile covers background, recent activity, common techniques and objectives — factual, sourced, no speculation.
Russian-speaking RaaS operation, also tracked by Microsoft as Storm-2697. Runs an aggressive 90/10 affiliate split, the GentleKiller EDR-killer suite and a Go-based encryptor, with double extortion via BreachForums-recruited affiliates.
Likely a rebrand of the Rbfs operation. Escalated quickly from data theft to double extortion, imposing ransom deadlines as short as 48 hours and encrypting OneDrive files without changing icons to delay detection.
Fast-growing group with a global footprint, using Babuk-derived source code. Exploits critical vulnerabilities in widely-used enterprise software for initial access, then threatens to publish stolen files on Tor leak sites.
Full profiles for every group active against Egypt this half — in the report.
Organizations confirmed compromised this half, grouped by the actor responsible.
Intelligence sharing, not naming and shaming. The report references real organizations that have been compromised, never to damage reputations, disrupt operations, or point fingers at their security teams — it exists so the wider community can learn and defend. Most of this data was already made public by the adversaries themselves; an organization is only included after PurpleGuard SOC engineers independently confirm the claim.
Delivered by email, in the language you pick below.