Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10
Logo del actor de amenaza ido_cohen2

ido_cohen2

16 incidentes 3 paises 5 sectores Ultimo: 2026-06-28
Ver en IntelTracker → APTTrail →

Actores similares

bushidoukactor · 55Poseidon Groupapt · 1taidooractor · 1poseidonactor · 1Operation Bandidosapt · 0Taidoorapt · 0

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteunknownnitter.netIdo Cohen: The attackers never rest... and neither do we. Meet RedAct, a newly tracked ransomware group. The group has already published 2 victims and states that it is driven purely by financial gain—not politics or hacktivism. According to its public message, organizations that refuse to negotiate or fail to meet ransom demands should expect their stolen data to be published. Another emerging threat worth keeping on your radar.
X/Twitterunknownx.comIdo Cohen: A new ransomware-linked vulnerability has recently been added to DarkFeed's CISA KEV monitoring. CVE-2026-35273 affects Oracle PeopleSoft Enterprise PeopleTools and allows unauthenticated attackers to potentially gain control over vulnerable systems. The vulnerability is already listed in CISA's Known Exploited Vulnerabilities catalog and has been associated with ransomware activity. Organizations using PeopleSoft should prioritize patching and exposure assessment.
DLS / leak siteunknownnitter.netIdo Cohen: New Ransomware Group: Settra Settra has entered the ransomware landscape with 10+ published victims already listed on its leak site. Unlike groups that attempt to justify their actions, Settra openly states its motivation is simple: money. The group claims it does not target specific countries or industries—it targets organizations with exploitable security weaknesses.
DLS / leak siteunknownnitter.netIdo Cohen: Two ransomware groups are showing a sharp increase in activity during 2026. SafePay Q1 2026: 22 victims Q2 2026: 59 victims (+168%) RALord (Nova) Q1 2026: 14 victims Q2 2026: 60 victims (+329%) Both groups have significantly accelerated their operations in recent months, making them two of the fastest-growing ransomware threats to watch. Track ransomware trends and emerging threat groups with DarkFeed.
DLS / leak siteunknownnitter.netIdo Cohen: Tracking the pulse of ransomware in 2026—these are the groups leading the global attack landscape right now: Qilin – 665 attacks The Gentleman – 453 attacks Akira – 290 attacks DragonForce – 245 attacks INC – 239 attacks Lockbit – 199 attacks Play – 154 attacks CLOP – 127 attacks NightSpire – 115 attacks CoinBase Cartel – 97 attacks Stay ahead of ransomware threats.
DLS / leak siteunknownnitter.netIdo Cohen: Stormous is back with increased activity. Recent victims have had their public websites defaced with a ransomware message displayed directly on the homepage—a pressure tactic sometimes used by ransomware groups to increase urgency and force negotiations. DarkFeed makes it easy to compare a ransomware group's leak site with the victim's public website in one place, helping analysts quickly identify attacks like these.
DLS / leak siteupnitter.netIdo Cohen: Country Spotlight: Canada Over the past 7 days, our AI-powered platform tracked ransomware and cyber extortion attacks targeting Canada.
DLS / leak siteupnitter.netIdo Cohen: Sector Spotlight: HealthCare Over the past 7 days, our AI-powered platform tracked ransomware and cyber extortion groups actively targeting the HealthCare sector.
DLS / leak siteunknownnitter.netIdo Cohen: We continue to monitor additional sources in the darknet. Here are some of the events that were added to our platform in the last week. 1 A major breach exposed over 500GB of sensitive personal information from job seekers, posing a high risk of identity theft and fraud. 2 Remote access to POS systems is being sold, threatening financial data and sensitive customer information across large retail businesses globally.
DLS / leak siteunknownnitter.netIdo Cohen: The Icarus supply chain extortion campaign continues to unfold. The group has now added 5 additional victims, all with their identities partially concealed. The guessing game has officially begun. How many organizations were impacted through this supply chain incident? And are we witnessing the emergence of a serious competitor to CLOP in the supply chain extortion arena? We'll know more soon.
DLS / leak siteunknownnitter.netIdo Cohen: Supply Chain Extortion Alert The Icarus ransomware group has escalated pressure tactics against a major Canadian consulting and competitive intelligence provider. After initially naming the organization, the group is now threatening to release data belonging to the company's clients, giving them a deadline to make contact before publication begins.
DLS / leak siteunknownnitter.netIdo Cohen: APT73 continues to expand its operations. The group has added 3 new victims to its leak site, including a government entity in South America and a major international airport operator in Central Europe serving tens of millions of passengers annually. APT73 was added to the DarkFeed platform in mid-2024 and has since claimed 110+ victims.
DLS / leak siteupnitter.netIdo Cohen: Meet Wallstreet — not the financial market, but the latest ransomware group added to our monitoring platform. The group's leak site currently lists a single victim: a manufacturing company from India. With 1,000+ ransomware and cyber extortion victims already tracked since the beginning of the year, keeping up with the threat landscape is becoming increasingly challenging.
DLS / leak siteunknownnitter.netIdo Cohen: Threat Group Update Prinz Eugen has launched a newly redesigned leak site and updated its public profile. According to the group's latest statement, it describes itself as a for-profit organization that "specializes in hacking" while claiming it currently does not operate a Ransomware-as-a-Service (RaaS) program. The group also stated that membership intake is currently closed and limited to existing core members.
DLS / leak siteupnitter.netIdo Cohen: Weekly Ransomware & Cyber Extortion Intelligence Report Our platform continuously monitors ransomware groups and darknet activity worldwide.
DLS / leak siteunknownnitter.netIdo Cohen: New Ransomware Groups Added to DarkFeed Over the past few days, we added two new ransomware/extortion groups to the DarkFeed intelligence platform: SevyWare A newly launched RaaS operation claiming ties to former members of established ransomware groups. The operators are actively recruiting Initial Access Brokers and insiders while promoting an aggressive affiliate-focused model.
DLS / leak siteunknownnitter.netIdo Cohen: A new ransomware-linked vulnerability has recently been added to DarkFeed's CISA KEV monitoring. CVE-2026-35273 affects Oracle PeopleSoft Enterprise PeopleTools and allows unauthenticated attackers to potentially gain control over vulnerable systems. The vulnerability is already listed in CISA's Known Exploited Vulnerabilities catalog and has been associated with ransomware activity. Organizations using PeopleSoft should prioritize patching and exposure assessment.
Victimas
16
TTPs unicas
1
Info robada historica
500 GB
Rescates reclamados
N/D
Pagos detectados
N/D

TTPs observadas

T1566 Phishing

Paises afectados

United States (5) Canada (1) India (1)

Sectores atacados

Media (10) Technology (1) Healthcare (2) Retail (1) Government (1)

URLs nuevas detectadas en IntelTracker

nitter.net x.com nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net nitter.net

Victimas (16)

Ido Cohen: The attackers never rest... and neither do we. Meet RedAct, a newly tracked ransomware group. The group has already published 2 victims and states that it is driven purely by financial gain—not politics or hacktivism. According to its public message, organizations that refuse to negotiate or fail to meet ransom demands should expect their stolen data to be published. Another emerging threat worth keeping on your radar.28 Jun 2026
Ransomware Media
The attackers never rest... and neither do we. Meet RedAct, a newly tracked ransomware group. The group has already published 2 victims and states tha…
Ido Cohen: New Ransomware Group: Settra Settra has entered the ransomware landscape with 10+ published victims already listed on its leak site. Unlike groups that attempt to justify their actions, Settra openly states its motivation is simple: money. The group claims it does not target specific countries or industries—it targets organizations with exploitable security weaknesses.27 Jun 2026
Ransomware Media
New Ransomware Group: Settra Settra has entered the ransomware landscape with 10+ published victims already listed on its leak site. Unlike groups tha…
Ido Cohen: Two ransomware groups are showing a sharp increase in activity during 2026. SafePay Q1 2026: 22 victims Q2 2026: 59 victims (+168%) RALord (Nova) Q1 2026: 14 victims Q2 2026: 60 victims (+329%) Both groups have significantly accelerated their operations in recent months, making them two of the fastest-growing ransomware threats to watch. Track ransomware trends and emerging threat groups with DarkFeed.26 Jun 2026
Ransomware Media
Two ransomware groups are showing a sharp increase in activity during 2026. SafePay Q1 2026: 22 victims Q2 2026: 59 victims (+168%) RALord (Nova) Q1 2…
Ido Cohen: Tracking the pulse of ransomware in 2026—these are the groups leading the global attack landscape right now: Qilin – 665 attacks The Gentleman – 453 attacks Akira – 290 attacks DragonForce – 245 attacks INC – 239 attacks Lockbit – 199 attacks Play – 154 attacks CLOP – 127 attacks NightSpire – 115 attacks CoinBase Cartel – 97 attacks Stay ahead of ransomware threats.26 Jun 2026
Ransomware Media
Tracking the pulse of ransomware in 2026—these are the groups leading the global attack landscape right now: Qilin – 665 attacks The Gentleman – 453 a…
Ido Cohen: Stormous is back with increased activity. Recent victims have had their public websites defaced with a ransomware message displayed directly on the homepage—a pressure tactic sometimes used by ransomware groups to increase urgency and force negotiations. DarkFeed makes it easy to compare a ransomware group's leak site with the victim's public website in one place, helping analysts quickly identify attacks like these.25 Jun 2026
Ransomware United States Media
Stormous is back with increased activity. Recent victims have had their public websites defaced with a ransomware message displayed directly on the ho…
Ido Cohen: Country Spotlight: Canada Over the past 7 days, our AI-powered platform tracked ransomware and cyber extortion attacks targeting Canada.25 Jun 2026
Ransomware Canada Technology
Country Spotlight: Canada Over the past 7 days, our AI-powered platform tracked ransomware and cyber extortion attacks targeting Canada. Independent c…
Ido Cohen: Sector Spotlight: HealthCare Over the past 7 days, our AI-powered platform tracked ransomware and cyber extortion groups actively targeting the HealthCare sector.25 Jun 2026
Ransomware United States Healthcare
Sector Spotlight: HealthCare Over the past 7 days, our AI-powered platform tracked ransomware and cyber extortion groups actively targeting the Health…
Ido Cohen: We continue to monitor additional sources in the darknet. Here are some of the events that were added to our platform in the last week. 1 A major breach exposed over 500GB of sensitive personal information from job seekers, posing a high risk of identity theft and fraud. 2 Remote access to POS systems is being sold, threatening financial data and sensitive customer information across large retail businesses globally.24 Jun 2026
Breach Retail
We continue to monitor additional sources in the darknet. Here are some of the events that were added to our platform in the last week. 1 A major brea…
Ido Cohen: The Icarus supply chain extortion campaign continues to unfold. The group has now added 5 additional victims, all with their identities partially concealed. The guessing game has officially begun. How many organizations were impacted through this supply chain incident? And are we witnessing the emergence of a serious competitor to CLOP in the supply chain extortion arena? We'll know more soon.23 Jun 2026
Ransomware United States Media
The Icarus supply chain extortion campaign continues to unfold. The group has now added 5 additional victims, all with their identities partially conc…
Ido Cohen: APT73 continues to expand its operations. The group has added 3 new victims to its leak site, including a government entity in South America and a major international airport operator in Central Europe serving tens of millions of passengers annually. APT73 was added to the DarkFeed platform in mid-2024 and has since claimed 110+ victims.23 Jun 2026
Ransomware Government
APT73 continues to expand its operations. The group has added 3 new victims to its leak site, including a government entity in South America and a maj…
Ido Cohen: Meet Wallstreet — not the financial market, but the latest ransomware group added to our monitoring platform. The group's leak site currently lists a single victim: a manufacturing company from India. With 1,000+ ransomware and cyber extortion victims already tracked since the beginning of the year, keeping up with the threat landscape is becoming increasingly challenging.23 Jun 2026
Ransomware India Manufacturing
Meet Wallstreet — not the financial market, but the latest ransomware group added to our monitoring platform. The group's leak site currently lis…
Ido Cohen: Threat Group Update Prinz Eugen has launched a newly redesigned leak site and updated its public profile. According to the group's latest statement, it describes itself as a for-profit organization that "specializes in hacking" while claiming it currently does not operate a Ransomware-as-a-Service (RaaS) program. The group also stated that membership intake is currently closed and limited to existing core members.22 Jun 2026
Ransomware Media
Threat Group Update Prinz Eugen has launched a newly redesigned leak site and updated its public profile. According to the group's latest stateme…
Ido Cohen: Weekly Ransomware & Cyber Extortion Intelligence Report Our platform continuously monitors ransomware groups and darknet activity worldwide.22 Jun 2026
Ransomware United States Healthcare
Weekly Ransomware & Cyber Extortion Intelligence Report Our platform continuously monitors ransomware groups and darknet activity worldwide. Indep…
Ido Cohen: Supply Chain Extortion Alert The Icarus ransomware group has escalated pressure tactics against a major Canadian consulting and competitive intelligence provider. After initially naming the organization, the group is now threatening to release data belonging to the company's clients, giving them a deadline to make contact before publication begins.21 Jun 2026
Ransomware United States Media
Supply Chain Extortion Alert The Icarus ransomware group has escalated pressure tactics against a major Canadian consulting and competitive intelligen…
Ido Cohen: New Ransomware Groups Added to DarkFeed Over the past few days, we added two new ransomware/extortion groups to the DarkFeed intelligence platform: SevyWare A newly launched RaaS operation claiming ties to former members of established ransomware groups. The operators are actively recruiting Initial Access Brokers and insiders while promoting an aggressive affiliate-focused model.21 Jun 2026
Ransomware Media
New Ransomware Groups Added to DarkFeed Over the past few days, we added two new ransomware/extortion groups to the DarkFeed intelligence platform: Se…
Ido Cohen: A new ransomware-linked vulnerability has recently been added to DarkFeed's CISA KEV monitoring. CVE-2026-35273 affects Oracle PeopleSoft Enterprise PeopleTools and allows unauthenticated attackers to potentially gain control over vulnerable systems. The vulnerability is already listed in CISA's Known Exploited Vulnerabilities catalog and has been associated with ransomware activity. Organizations using PeopleSoft should prioritize patching and exposure assessment.20 Jun 2026
Ransomware Media
A new ransomware-linked vulnerability has recently been added to DarkFeed's CISA KEV monitoring. CVE-2026-35273 affects Oracle PeopleSoft Enterpr…