Threat Actor Encyclopedia
Stay ahead of adversaries with the context you need to anticipate, respond to, and neutralize threats. Powered by FortiGuard Labs, our Threat Actor Encyclopedia provides actionable insights, helping security teams prepare and streamline advanced threat hunting and response.
RomCom
The RomCom group is a highly skilled, state-nexus cyber threat actor that operates in ways benefiting...
The Gentlemen Ransomware
Emerging in mid-2025, The Gentlemen is a cybercriminal group that breaks into company networks, steals...
Coinbase Cartel Ransomware
Coinbase Cartel is a cyber‑extortion threat actor first observed in September 2025. Rather than encrypting...
Internet YIFF Machine
In March 2026, a threat actor operating under the alias "Internet YIFF Machine" claimed responsibility for...
Interlock Ransomware
Interlock is an emerging ransomware group first observed in late September 2024, with initial samples...
Sidewinder
Sidewinder(also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor...
Shiny Hunters
ShinyHunters is a financially motivated black-hat criminal hacking and extortion group believed to have...
Handala
Handala is a pro-Palestinian and pro-Iran hacktivist group that emerged in December 2023, shortly after...
RansomHub Ransomware
RansomHub is a Ransomware-as-a-Service (RaaS) operation that emerged in early 2024 and is believed to be...
Inc Ransomware
INC Ransom (also Incransom) is a ransomware-as-a-service (RaaS) group that emerged in mid-2023, also known...
Play Ransomware
Play, also known as Playcrypt, is a ransomware group that has posed a significant threat to a wide range...
SafePay Ransomware
SafePay is a relatively new and highly active ransomware group that first emerged in late 2024. The group...