North America Intelligence Insights Report, April 2025

Inside, you’ll find detailed information on:

Phishing-as-a-Service evolves

Threat actors exploit compromised corporate email systems to send fake crypto wallet recovery phrases and steal digital assets.

Deepfake deception on the rise

AI-generated voice and video deepfakes used in tax-season phishing scams across the U.S., impersonating IRS agents, tax professionals, and even victims’ family members

RansomHub dominates

77 North American organizations disclosed by the most active ransomware group this period.

Cactus surges post-Black Basta

After Black Basta’s suspected exit scam, Cactus ransomware group sees a spike in activity, disclosing 33 companies in February alone.

Shared TTPs and shifting alliances

BackConnect malware, social engineering, and leaked infrastructure signal overlap and migration between Black Basta and Cactus operators.

North America Intelligence Insights Report, April 2025

Inside, you’ll find detailed information on:

<img src="https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/check-icon--lbg.svg" alt="Phishing-as-a-Service evolves">Phishing-as-a-Service evolves

<img src="https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/check-icon--lbg.svg" alt="Deepfake deception on the rise">Deepfake deception on the rise

<img src="https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/check-icon--lbg.svg" alt="RansomHub dominates">RansomHub dominates

<img src="https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/check-icon--lbg.svg" alt="Cactus surges post-Black Basta">Cactus surges post-Black Basta

<img src="https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/check-icon--lbg.svg" alt="Shared TTPs and shifting alliances">Shared TTPs and shifting alliances

Relevant reports

Phishing-as-a-Service evolves

Deepfake deception on the rise

RansomHub dominates

Cactus surges post-Black Basta

Shared TTPs and shifting alliances