{ "id": "b446c14a-b9c8-4666-83e1-a9e8a5cb962d", "created_at": "2026-04-06T00:06:36.20904Z", "updated_at": "2026-04-10T03:33:15.571308Z", "deleted_at": null, "sha1_hash": "ed6e3a7a09ebe123f19899f7c1635887fbe1bdec", "title": "Cyber Security Research", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 56422, "plain_text": "Cyber Security Research\r\nArchived: 2026-04-05 12:50:48 UTC\r\n2025 Annual\r\nResearch Report\r\nAt NCC Group, our Research advances cyber security by discovering vulnerabilities, building open‑source tools,\r\nand translating insights into practical guidance for customers and the wider community.\r\nOur projects span vulnerability research and exploitation, network and system security, malware and ransomware\r\nanalysis/DFIR, applied cryptography, hardware \u0026 embedded systems/IoT, and software/AI security – with a track\r\nrecord of publishing reports and tooling that strengthen real‑world cyber resilience.  \r\nFor over 25 years, NCC Group researchers have contributed deep technical insight across industry and academia,\r\npresenting at global conferences and collaborating with partners worldwide. \r\n2000+\r\nperson-days of security research annually\r\n280\r\nOpen-source tools \u0026 datasets authored by NCC authors on our public Github\r\n150+\r\nCVEs found since 2020\r\nResearch Articles\r\nResearch\r\nPublic Report - Object First\r\nhttps://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/\r\nPage 1 of 5\n\nPublic Report - Object First\r\nRead more\r\nResearch\r\nThe silent dependency: DC power regulation in cyber‑physical security\r\nThe silent dependency: DC power regulation in cyber‑physical security\r\nRead more\r\nResearch\r\nDissecting Android Malware - Post 1: Mamont Banking Trojan\r\nDissecting Android Malware - Post 1: Mamont Banking Trojan\r\nRead more\r\nResearch\r\nASYNCing Feeling: When Your Download Comes with Something Extra\r\nASYNCing Feeling: When Your Download Comes with Something Extra\r\nRead more\r\nResearch\r\nSo, You Now Have Crypto… Planning for Third-Party Security Assurance and Penetration Tests as an OEM or\r\nSupplier\r\nSo, You Now Have Crypto… Planning for Third-Party Security Assurance and Penetration Tests\r\nas an OEM or Supplier\r\nRead more\r\nResearch\r\nVulnerability Analysis of CVE-2026-21236\r\nVulnerability Analysis of CVE-2026-21236\r\nRead more\r\nResearch\r\nScaling the Mesh: Best Practices for Securing DigiMesh Environments\r\nhttps://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/\r\nPage 2 of 5\n\nScaling the Mesh: Best Practices for Securing DigiMesh Environments\r\nRead more\r\nResearch\r\nThe Cartographer's Advantage: Human Judgment in an AI Security World\r\nThe Cartographer's Advantage: Human Judgment in an AI Security World\r\nRead more\r\nResearch\r\nCybersecurity and Operational Resiliency Challenges in Agriculture\r\nCybersecurity and Operational Resiliency Challenges in Agriculture\r\nRead more\r\nWhitepapers\r\nAnnual Cyber Security Research Report 2025\r\nAnnual Cyber Security Research Report 2025\r\nRead more\r\nResearch\r\nEuro 7 Anti-tampering and the Expanding Cybersecurity Landscape\r\nEuro 7 Anti-tampering and the Expanding Cybersecurity Landscape\r\nRead more\r\nResearch\r\nBlack Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey\r\nBlack Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey\r\nRead more\r\nResearch Activities\r\nSecurity Research Services\r\nhttps://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/\r\nPage 3 of 5\n\nOur Security Research Services help organisations answer complex, high‑risk cyber security questions that lie\r\nbeyond standard consulting. \r\nThis work: \r\nIs funded by customers\r\nOften requires exploration of previously untested hypotheses\r\nDraws on expertise across cryptography, hardware, AI, vulnerability research, secure systems engineering\r\nand more\r\nHas delivered major projects for the UK public sector and North American technology companies, with\r\nongoing expansion into new geographies \r\nThese services can range from feasibility research and prototype development to deep technical investigations that\r\nimprove resilience, reduce uncertainty, or validate future defensive approaches. \r\nExploit Development Group (EDG)\r\nThe Exploit Development Group is NCC Group’s cutting-edge exploitation team. \r\nThey:\r\nDeliver high‑impact research with global recognition\r\nPresent at top‑tier conferences worldwide\r\nCompete in events such as Pwn2Own on behalf of NCC Group\r\nProvide bespoke exploit development support to our consultants\r\nOffer secondment opportunities that develop elite exploitation skills within our technical teams \r\nEDG ensures NCC Group remains an industry leader in vulnerability discovery, exploitation, and advanced\r\nsecurity research. \r\nAcademic Partnerships\r\nOur academic partnerships extend NCC Group’s mission by collaborating with universities and research\r\ninstitutions to: \r\nSupport PhD and Masters-level research programmes\r\nShape undergraduate teaching through challenges, curriculum contributions and student projects\r\nDeliver STEM outreach and careers engagement\r\nBuild awareness of NCC Group as a destination for future cyber security professionals \r\nThese collaborations provide access to new technologies and early theoretical developments, while enabling the\r\nnext generation of talent to gain hands‑on experience with real-world security problems. \r\nhttps://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/\r\nPage 4 of 5\n\nCommercial research enquiries\r\nSource: https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/\r\nhttps://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "ETDA", "MITRE" ], "references": [ "https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/" ], "report_names": [ "wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group" ], "threat_actors": [ { "id": "50068c14-343c-4491-b568-df41dd59551c", "created_at": "2022-10-25T15:50:23.253218Z", "updated_at": "2026-04-10T02:00:05.234464Z", "deleted_at": null, "main_name": "Indrik Spider", "aliases": [ "Indrik Spider", "Evil Corp", "Manatee Tempest", "DEV-0243", "UNC2165" ], "source_name": "MITRE:Indrik Spider", "tools": [ "Mimikatz", "PsExec", "Dridex", "WastedLocker", "BitPaymer", "Cobalt Strike" ], "source_id": "MITRE", "reports": null }, { "id": "b296f34c-c424-41da-98bf-90312a5df8ef", "created_at": "2024-06-19T02:03:08.027585Z", "updated_at": "2026-04-10T02:00:03.621193Z", "deleted_at": null, "main_name": "GOLD DRAKE", "aliases": [ "Evil Corp", "Indrik Spider ", "Manatee Tempest " ], "source_name": "Secureworks:GOLD DRAKE", "tools": [ "BitPaymer", "Cobalt Strike", "Covenant", "Donut", "Dridex", "Hades", "Koadic", "LockBit", "Macaw Locker", "Mimikatz", "Payload.Bin", "Phoenix CryptoLocker", "PowerShell Empire", "PowerSploit", "SocGholish", "WastedLocker" ], "source_id": "Secureworks", "reports": null }, { "id": "8f68387a-aced-4c99-b2a6-aa85071a0ca3", "created_at": "2024-06-25T02:00:05.030976Z", "updated_at": "2026-04-10T02:00:03.656871Z", "deleted_at": null, "main_name": "Void Arachne", "aliases": [ "Silver Fox" ], "source_name": "MISPGALAXY:Void Arachne", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a7805d1a-b8d0-4a42-ae86-1d8711e0b2b9", "created_at": "2024-08-28T02:02:09.729503Z", "updated_at": "2026-04-10T02:00:04.967533Z", "deleted_at": null, "main_name": "Void Arachne", "aliases": [ "Silver Fox" ], "source_name": "ETDA:Void Arachne", "tools": [ "Gh0stBins", "Gh0stCringe", "HoldingHands RAT", "Winos" ], "source_id": "ETDA", "reports": null }, { "id": "9806f226-935f-48eb-b138-6616c9bb9d69", "created_at": "2022-10-25T16:07:23.73153Z", "updated_at": "2026-04-10T02:00:04.729977Z", "deleted_at": null, "main_name": "Indrik Spider", "aliases": [ "Blue Lelantos", "DEV-0243", "Evil Corp", "G0119", "Gold Drake", "Gold Winter", "Manatee Tempest", "Mustard Tempest", "UNC2165" ], "source_name": "ETDA:Indrik Spider", "tools": [ "Advanced Port Scanner", "Agentemis", "Babuk", "Babuk Locker", "Babyk", "BitPaymer", "Bugat", "Bugat v5", "Cobalt Strike", "CobaltStrike", "Cridex", "Dridex", "EmPyre", "EmpireProject", "FAKEUPDATES", "FakeUpdate", "Feodo", "FriedEx", "Hades", "IEncrypt", "LINK_MSIEXEC", "MEGAsync", "Macaw Locker", "Metasploit", "Mimikatz", "PayloadBIN", "Phoenix Locker", "PowerShell Empire", "PowerSploit", "PsExec", "QNAP-Worm", "Raspberry Robin", "RaspberryRobin", "SocGholish", "Vasa Locker", "WastedLoader", "WastedLocker", "cobeacon", "wp_encrypt" ], "source_id": "ETDA", "reports": null }, { "id": "6c4f98b3-fe14-42d6-beaa-866395455e52", "created_at": "2023-01-06T13:46:39.169554Z", "updated_at": "2026-04-10T02:00:03.23458Z", "deleted_at": null, "main_name": "Evil Corp", "aliases": [ "GOLD DRAKE" ], "source_name": "MISPGALAXY:Evil Corp", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775433996, "ts_updated_at": 1775791995, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ed6e3a7a09ebe123f19899f7c1635887fbe1bdec.pdf", "text": "https://archive.orkl.eu/ed6e3a7a09ebe123f19899f7c1635887fbe1bdec.txt", "img": "https://archive.orkl.eu/ed6e3a7a09ebe123f19899f7c1635887fbe1bdec.jpg" } }