Full Report
With thousands of threat groups trying to make a name for themselves and new ones cropping up every day, it can take some work to come up with a name for a new threat group. Which may help explain all the misspellings and odd threat group names out there. Looking just at threat groups active in 2025 that have been investigated by Cyble dark web researchers, here are some of the more interesting and humorous names of hackers and threat groups that are currently active. We opted for PG-rated names; there are quite a few threat groups with names that would make a security writer uncomfortable just typing them out, so we took a more family-friendly approach here. Weird Threat Group Names: The Menacing Quite a few threat group names are taken from fantasy characters, typically the menacing ones. Here are a few of those, and you could probably guess which fictional characters have been used for threat group names. LordVoldemort: The problem with using The Dark Lord’s name is people expect you to be a real badass. With a couple of recent attacks on Indonesian telecom and automotive targets, LordVoldemort may not quite live up to the group’s storied name just yet, but we’re fine with that; we wouldn’t want to see them reach that level of potential. VanHelsing: Is a Ransomware-as-a-Service (RaaS) group really the equivalent of a vampire slayer? This group just launched on March 7, so we’ll need to wait and see what their targets and methods look like. Morpheus: Another new group, with two victims so far – a pharmaceutical company and a time-tracking systems company. So far they seem to be engaged in standard ransomware group activity; no red or blue pills reported as of yet. Satanic: We’ll include the OG Dark Lord in this category. With a couple dozen attacks on organizations around the globe, the Satanic threat group is doing a pretty good job living up to its name. Cute and Funny Threat Group Names Some groups don’t seem to want to be seen as fearsome, at least in their choice of name. Easier to escape the notice of law enforcement, perhaps? Here are several such names. Space Bears: Cute like Care Bears but in a hackery way, with a pretty odd slogan too: “bears conquer space” (image below). [caption id="attachment_101421" align="aligncenter" width="529"] Space Bears threat group logo[/caption] Rabbit Cyber Team: With apologies to Monty Python, bunnies just aren’t that scary. Meow: Okay, maybe the cute names are going a little too far. OX THIEF: Do they steal animals, or Ox cables? swag: At least we know what they’re after. crocs: Does the name refer to the scary reptile, or the fashion-disaster footwear? Sadly, the threat actor’s logo (image left) provides an answer; we were kind of hoping for the footwear. Maybe they could puts a pair of Crocs on the croc, just for us. Loser: We found ourselves wishing those guys better self-esteem. Skillz: Anyone else hear Napoleon Dynamite in that one? Bow hunting skills, computer hacking skills. BFF: It’s always heartwarming when lifelong friends embark on a life of cybercrime together. Weird Threat Group Names: Compound Names Threat actors often favor compound names, borrowing a branding technique from corporate branding teams. These can create some odd pairings, like “StableFish,” “CanyonGod,” “FlipperZero” and “Devil.God” – we’re sensing some internal conflict on that last one, unlike with “Ddarknotevil,” who want you to know they’re not bad people at heart. Some other examples of the compound threat group name genre: BreadPirateLoler: Does anyone else hear “Dread Pirate Roberts” in that one? Bumblebeef: Do they have a beef with Bumble? So far their only target has been a U.S. financial services firm. Funksec: Assuming “sec” is short for security, this name conjures up images of a bunch of hackers dressed like Parliament Funkadelic. SyntheticEmotions: Kind of deep when you think about it. SafePay: We can imagine the slogan for this ransomware group – “Our decryption keys actually work!” TrapHouseMob: Not sure if a more unsavory name is possible, at least in a PG-rated article. Hacktivist Group Names: Ghosts and Dragons Hacktivists often choose names that blend their regional loyalties with fearsome creatures. Moroccan Dragons is one such example. This pro-Palestine group has been involved in attacks on Israeli and other targets, and has also been part of the odd alliance of pro-Islamic and pro-Russian groups known as the “Holy League.” “Ghosts” are another popular name for hacktivist groups. One such group – Arabian Ghosts – is a pro-Syrian group claiming recent attacks on U.S. and Israel critical infrastructure. Other hacktivist names are, well, kind of fun. Mysterious Team Bangladesh is a fun name for a group that has been anything but fun. Cyble has recorded 30 attacks by the group involving Indian, Middle Eastern, European and African targets. Mr Hamza is another somewhat entertaining name for a hacktivist group, in this case a pro-Palestinian group that has attacked targets in Israel, the U.S., and elsewhere. Cyber Partisans seems like a really polite way for this anti-Russian group to say they’re hacktivists.
Analysis Summary
Based on the provided article context, the summary below focuses on the specific threat actors mentioned and the limited details available for them.
# Threat Actor: Various Groups (Identified via Unique Naming Conventions)
## Attribution & Identity
The article primarily focuses on actors identified by their unusual names rather than specific technical attribution.
Known aliases/associations mentioned include:
* **BreadPirateLoler:** Compared to "Dread Pirate Roberts."
* **Bumblebeef:** Associated with an attack on a U.S. financial services firm.
* **Funksec:** Speculative name derivation ("sec" for security).
* **SyntheticEmotions:** Noted for its philosophical name.
* **SafePay:** Described as a ransomware group, characterized humorously by reliable decryption keys.
* **TrapHouseMob:** Noted for having an unsavory name.
* **Moroccan Dragons:** A pro-Palestine hacktivist group. Associated with the pro-Islamic/pro-Russian alliance known as the "Holy League."
* **Arabian Ghosts:** A pro-Syrian hacktivist group.
* **Mysterious Team Bangladesh:** A hacktivist group.
* **Mr Hamza:** A pro-Palestinian hacktivist group.
* **Cyber Partisans:** An anti-Russian hacktivist group.
## Activity Summary
The summary focuses on the known activities associated with these groups:
* **Bumblebeef:** Targeted a U.S. financial services firm.
* **Moroccan Dragons:** Involved in attacks on Israeli and "other targets," and allied with the "Holy League."
* **Arabian Ghosts:** Claimed recent attacks on U.S. and Israeli critical infrastructure.
* **Mysterious Team Bangladesh:** Recorded performing 30 attacks against targets in India, the Middle East, Europe, and Africa.
* **Mr Hamza:** Attacked targets in Israel and the U.S.
* **Cyber Partisans:** Described as an anti-Russian hacktivist entity.
## Tactics, Techniques & Procedures
The article provides very little specific technical TTP information. The focus is on the nature of the groups (ransomware vs. hacktivism).
- **Ransomware Tactics:** Implied by the description of "SafePay" ("Our decryption keys actually work!").
- **Hacktivism:** Implied by the activities of groups like Moroccan Dragons and Arabian Ghosts targeting specific countries/infrastructure.
- **Supply Chain/Software Vulnerabilities:** Independent of specific actors, the article mentions advisories regarding Rising Technosoft software vulnerabilities and Drupal AI module flaws, suggesting these areas are active vectors in the broader threat landscape.
## Targeting
Targeting information is derived from stated affiliations or claimed victims:
* **Sectors:** Financial Services (Bumblebeef), Critical Infrastructure (Arabian Ghosts).
* **Geography:**
* **Pro-Palestine focus:** Israel (Moroccan Dragons, Mr Hamza).
* **Pro-Syrian focus:** U.S. and Israel (Arabian Ghosts).
* **Broader targets:** India, Middle East, Europe, Africa (Mysterious Team Bangladesh).
* **Alliance target:** France (Holy League alliance targeted France).
* **Victims:**
* U.S. financial services firm (Bumblebeef).
* Israeli targets (Moroccan Dragons, Mr Hamza).
* U.S. targets (Arabian Ghosts, Mr Hamza).
* Indian, Middle Eastern, European, and African targets (Mysterious Team Bangladesh).
## Tools & Infrastructure
No specific malware families, C2 mechanisms, IP addresses, or URLs are detailed for any of the groups listed. The only infrastructure reference is the non-technical alliance name: the **"Holy League."**
## Implications
The primary implication highlighted by cataloging these actors is the continued diversity in threat actor naming conventions, which, despite being humorous or strange, masks serious geopolitical hacktivist activity (e.g., pro-Palestine/pro-Syrian motivations) and traditional criminal operations (ransomware groups like SafePay). The presence of groups like Mysterious Team Bangladesh indicates persistent threats across diverse global regions.
## Mitigations
No specific technical mitigations are listed for these actors in the text. The article discusses broader security topics indirectly, such as:
* Patching vulnerabilities in software (Rising Technosoft, Drupal).
* Addressing fraud/scams (impersonating CSA/SPF via email).
* General cloud security best practices (AWS S3 buckets).