2025 AI Threat Report: How cybercriminals are weaponizing AI technology
KELA’s 2025 AI Threat Report provides exclusive intelligence on how threat actors are exploiting AI and offers actionable insights for security practitioners.
Breaking / KELA Launches AI-Driven Digital Cyber Analysts, Industry's First Agentic AI for Threat Intelligence
Learn More
Research
Welcome to KELA Cyber Threat Intelligence Research! Stay informed, stay protected. Our expert team monitors evolving cyber threats, analyzing cybercrime underground sources, trends, tactics, and vulnerabilities. Get ahead of bad actors with insights on emerging attack techniques, industry-specific threats, and actionable recommendations to fortify your defenses.
Research
Research
Inside the Black Basta Leak: How Ransomware Operators Gain Access
A major data leak has exposed the internal workings of Black Basta, revealing how one of the most active ransomware groups infiltrates and exploits its victims. KELA analyzed the leaked data to uncover the top five initial access and lateral movement tactics used by the group—including how stolen credentials from infostealer malware logs are fueling
Research
The State of Cybercrime 2025 Report
KELA’s State of Cybercrime 2025 report uncovers the most significant cyber threats of the past year, including ransomware evolution, AI-driven cybercrime, and state-backed attacks. Get exclusive insights and 2025 predictions to stay ahead of emerging risks.
Research
KuppingerCole Executive View – KELA Cyber Threat Intelligence Platform
Read about KELA CTI as featured by KuppingerCole, a global, independent analyst organization headquartered in Europe. KuppingerCole specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity and other technologies.
Research
Unmasking Deepfakes: When Digital Deception Becomes the New Reality
Uncover the alarming rise of deepfake technology in our report, where we delve into how it’s becoming a crucial tool for cybercriminals, facilitating deception, manipulation, and fraud.
Research
2024 Paris Olympics: Cyberattacks are Far from Fair Game
Discover the critical cyber threats facing the 2024 Paris Olympic Games and the extended risks to associated partners and participants in our comprehensive report.
Research
Chinese Cybercrime Ecosystem [Report]
CISA prioritized Chinese cyber threats in 2023 amidst increased state-sponsored attacks and cybercrime originating from China. Mutual growth between financially motivated cybercriminals and state-sponsored APTs within the Chinese cybercrime ecosystem is noted. KELA’s research aims to empower defenders against these evolving threats.
Research
A deep dive into Akira and Black Basta negotiations
Diving into the shadowy realm of cyber extortion!
KELA’s new report reveals the intricate tactics of Akira and Black Basta, two of the most formidable ransomware adversaries in 2023. Uncover their negotiation strategies, ransom demands, and the real implications of capitulating to their terms. Delve deeper into the full report for a detailed
Research
Beyond Donations: How Hacktivist Groups Fund Their Operations
Through active monitoring of hacktivist groups, KELA identified a shift in their funding patterns. While traditionally relying on donations from community, it became evident that solely depending on these contributions is insufficient. In this report, KELA explores the success and failure of hacktivist groups’ various monetization efforts.
Research
Ransomware Victims and Network Access Sales in Q2 2023
Hold on to your hats! The ransomware and extortion pros were in full swing during the Q2 2023! KELA identified more than 1,200 victims, amounting to an increase of 41% from Q1 2023. Read the report to learn about the most prolific ransom and extortion actors, as well as their victim, top geographies, industries and main events involving ransom gangs.
Research
APT Groups And Their Presence In The Cybercrime Ecosystem [REPORT]
Despite the aura of sophistication surrounding APT groups, and although it is difficult to identify them in cybercrime sources, the cybercrime ecosystem is an important resource for APT groups when it comes to their operations. In this report, we show how APT groups not only access standard cybercrime sources, but are also active participants in them.
Research
Delving Into The Emerging Infostealers Of 2023 [Report]
Information stealers continue to be a significant concern for companies in 2023 as in the last few years. The emergence of new infostealers highlights the ongoing efforts of cybercriminals to create new tools for stealing sensitive data. Read the report to learn about newly emerged infostealers, popular illicit markets and what to anticipate in 2023.
Research
Ransomware Victims and Network Access Sales in Q1 2023
The massive ransomware campaign that targeted thousands of ESXi servers in early 2023 highlights the continuing danger posed by ransomware and extortion groups to organizations worldwide.1 KELA observed an increase in ransomware and extortion attacks and sales of network access (an important part in ransomware gangs’ supply chain) in Q1 2023 compared
Research
TELEGRAM – How a Messenger Turned Into a Cybercrime Ecosystem by 2023
Telegram is a messaging app that is used by many people around the world for a variety of purposes. However, it has also become a hub for cybercrime activities, including the sale and leakage of stolen personal and corporate data, the organization of cybercrime gangs, the distribution of hacking tutorials, hacktivism and the sale of illegal physical
Research
The Cybercrime Inferno- 2022 Annual Report
Ransomware attacks occur when hackers gain unauthorized access to a computer system or network and hold it hostage through data encryption or threats to expose sensitive information until a ransom is paid. Get insights into the 2022 landscape of ransomware, extortion attacks, as well as trends, prevention strategies, and mitigation methods.
Research
Keys to the Kingdom: How Compromised Corporate Emails Have Become the Most Attractive Attack Vector for Cybercriminals
Dedicated shops provide a convenient platform for threat actors to sell a large number of compromised emails. Once purchased, these accounts can be monetized through various attack types. KELA’s analysis examines the extent of these shops used to monetize compromised emails and demonstrates how actors exploit obtained access.
Research
Ransomware Victims and Network Access Sales in Q3 2022
Ransomware and data-leak actors continue to operate vigorously with new gangs having emerged in Q3 2022. IABs offers continue to be in demand and to increase in quantity and price. Read on to delve into KELA’s expert analysis and get mitigation recommendations!
Research
Top Luxury Brands in France: Threat Landscape Report
France is a world leader in the Luxury sector. This research by KELA delves into cyber threats faced by luxury companies, emphasizing their attractiveness as targets due to holding data from affluent individuals and public figures. Moreover, compromising employee data grants attackers access to internal information for exfiltration, sale, or extortion.
Research
Examining Ransomware Victims and Network Access Sales in Q2 2022
Ransomware groups continue to evolve and threaten organizations and companies around the world. While some gangs reduced their activity in Q2 2022 or shut down, new actors like Black Basta emerged and continued extorting money from businesses. The report is based on KELA’s monitoring of ransomware gangs and initial access brokers’ activity in Q2.
Research
German Automotive Sector Cybercrime Threats Landscape Report
The German automotive sector is one of the leading sectors in Germany. It is adopting digital and automation technologies, and is therefore a valuable target for cyber criminals, from ransomware gangs to nation-state actors. In the report you’ll find new surprising findings by KELA research team as well as valuable forecasts and recommendations.
Research
Ransomware Victims and Network Access Sales in Q1 2022
In Q1 2022, ransomware gangs maintained their status as a major threat. They collaborated with various cybercriminals, such as initial access brokers (IABs), and aimed to conduct attacks against corporations worldwide. This report features insights and analysis from KELA’s extensive monitoring of ransomware gangs and IAB’s activity in Q1.
Research
2021-2022 UK Financial Sector Cyber Threat Landscape Report
This research aims to shed light on cyber threats targeting the UK’s financial sector. Due to the trend of transporting banking and financial services online, the sector is putting itself at cyber risk. Being the most likely sector to hold personal data of customers, the question of financial sector’s state of cyber security is of utmost importance.
Research
Beware. Ransomware. Top Trends of 2021
In this report, KELA provides insights into ransomware victims, recaps activity of ransomware groups in 2021 — both in terms of their attacks and presence on cybercrime forums — and shares exclusive findings about collaboration of ransomware actors with other cybercriminals.
Research
Analysis of leaked Conti’s internal data
On February 27, 2022, as a response to the Conti ransomware gang’s support of the Russian invasion of Ukraine, a suspected Ukrainian researcher leaked internal conversations of its members. KELA analyzed the leaks to understand the group’s evolution and TTPs, as well as organizational structure. Get the report to learn more!