Group-IB’s Top 10 Masked Actors for 2026
From state-sponsored operatives stealing billions in cryptocurrency to criminal collectives bringing down global enterprises with a single phone call — the most disruptive threat actors of 2026 are named, profiled, and tracked here.
Revealed
Based on our latest High-Tech Crime Trends Report, compiled from 1,550+ investigations worldwide, these are the ten groups every security leader, law enforcement agency, and business decision-maker needs to know.
Podcast series
Every year, our comprehensive High-Tech Crime Trends Report delivers the intelligence, forecasts, and analysis that drive effective action against cybercrime — drawn from 1,550+ investigations worldwide.
Top 10 Masked Actors for 2026
Knowing your adversary is the foundation of effective defense. Meet the world’s most prolific cyber threat actors.

Tycoon 2FA
Cybercrime
- Phishing-as-a-Service
- Adversary-in-the-middle
- MFA bypass
- credential theft

Teste PHP
Cybercrime
- malicious browser extension distribution
- banking credential theft
- cryptocurrency theft
- malspam campaigns

ShadowSilk
Cybercrime
- State-directed cyberespionage
- Data exfiltration
- Persistent network access
- Credential theft
- Dark web access sales

Scattered Spider
Cybercrime
- credential theft
- ransomware deployment
- data extortion
- SIM swapping
- wire fraud
- identity provider compromise
- Business Email Compromise (BEC)

DarkBlinders
Cybercrime
- targeted espionage
- critical infrastructure compromise
- credential theft
- intelligence gathering

Bloody Wolf
Cybercrime
- Spear-phishing
- persistent remote access via legitimate tooling
- government impersonation
- information theft

TX-NFC
Cybercrime
- NFC relay fraud
- contactless card cloning
- Fraud-as-a-Service operation
- mobile payment fraud

GoldFactory
Cybercrime
- mobile banking fraud
- biometric data theft
- credential harvesting
- OTP interception
- identity verification bypass

Lazarus
Cybercrime
- cryptocurrency exchange heists
- supply chain compromise
- e-commerce payment interception
- espionage
- intellectual property theft
- sanctions evasion

MuddyWater
Cybercrime
- state-directed cyberespionage
- intelligence gathering
- persistent network access
- data exfiltration
- credential theft

The Masked Actors Intelligence Archive
Every group we’ve ever unmasked. Still tracked. Still relevant.
Cybercriminal groups don’t disappear because they’ve fallen out of the headlines. The intelligence Group-IB has built on every Masked Actor remains active, continuously updated, and available here.
This archive exists because threat intelligence compounds. A group that dominated 2025’s landscape may have evolved, rebranded, or splintered – but the tradecraft, infrastructure patterns, and tactics we documented don't expire. For security teams, law enforcement, and researchers, this is a reference library built from real investigations.
High-Tech Crime Trends Report 2026
Want to level up your cybersecurity strategy?
Our unmatched annual cybercrime trends report is available to download now.
