0APT ransomware group rises swiftly with bluster, along with genuine threat of attack | CyberScoop<\/title> <meta name=\"description\" content=\"Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/0apt-ransomware-group-hoax-technical-capabilities\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"0APT ransomware group rises swiftly with bluster, along with genuine threat of attack\"> <meta property=\"og:description\" content=\"Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/0apt-ransomware-group-hoax-technical-capabilities\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-02-11T22:29:26+00:00\"> <meta property=\"article:modified_time\" content=\"2026-02-11T22:29:29+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg\"> <meta property=\"og:image:width\" content=\"2309\"> <meta property=\"og:image:height\" content=\"1299\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770135364g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87761\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87761\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2F0apt-ransomware-group-hoax-technical-capabilities%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2F0apt-ransomware-group-hoax-technical-capabilities%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87761 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/0apt-ransomware-group-hoax-technical-capabilities\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.090909090909\">\n<div class=\"single-article__header-content\" readability=\"35.435517970402\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/0apt-ransomware-group-hoax-technical-capabilities\/\"> <span>Ransomware<\/span> <\/a> <\/li>\n<\/ul>\n<p> Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87761\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"A figure walking with a glowing trail of binary code emanating from a case, symbolizing stolen data. (Getty Images Plus)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg 2309w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-2.jpg?resize=1498,843 1498w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> A figure walking with a glowing trail of binary code emanating from a case, symbolizing stolen data. (Getty Images Plus) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"69.376157010627\"><body readability=\"140.31719128329\"><\/p>\n<p>Ransomware groups crop up like weeds, angling for striking positions in a crowded field rife with turnover, infighting and unbridled competition. Yet, they rarely emerge, as 0APT did late last month, claiming roughly 200 victims out of the gate.<\/p>\n<p>Researchers have thus far seen no evidence confirming 0APT attacked any of its alleged victims, which includes high-profile organizations. Alleged victim data samples and the structure and size of placeholder file trees published by 0APT place further doubt on the group\u2019s supposed criminal escapades. <\/p>\n<p>Most signs suggest the group is running a massive hoax, but at least some of the threat 0APT poses is grounded in truth. The group\u2019s inflated pretense may be a ruse to create a sense of momentum, gain recognition and attract affiliates.<\/p>\n<p>\u201cWhile 0APT is probably bluffing about the victims it has already compromised, it is not bluffing on the technical capabilities of its actual ransomware,\u201d Cynthia Kaiser, senior vice president at Halcyon\u2019s ransomware research center, told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>0APT\u2019s infrastructure is sound, including cryptographically strong and fully operational ransomware binaries, unique code and a well organized panel for affiliates, she said. \u201cEven if researchers assess most claimed victims as fabricated, the underlying ransomware payload represents genuine risk to any organization that encounters it.\u201d<\/p>\n<p>The group\u2019s outlandish claims accentuates the messy state of ransomware, with researcher interest and widespread fear among potential victims \u2014 perceived or real \u2014 delivering benefits for criminal syndicates that compete for mindshare and co-conspirators. <\/p>\n<p>0APT\u2019s apparent swift rise with a massive alleged victim count that hovered around 200 organizations within its first week online caught the attention of multiple ransomware research firms, resulting in reports this week by <a href=\"https:\/\/www.halcyon.ai\/ransomware-alerts\/emerging-ransomware-group-0apt\">Halcyon<\/a> and <a href=\"https:\/\/www.guidepointsecurity.com\/blog\/gritrep-0apt-and-the-victims-who-werent\/\">GuidePoint Security<\/a>.<\/p>\n<p>Researchers roundly consider the group\u2019s initial claims an act of deception. This pattern of claiming a high number of victims without substantiating evidence surfaced last year with other ransomware groups, including Babuk2 and FunkSec, which eventually disclosed confirmed victims.<\/p>\n<p>\u201cAfter those initial fake lists, we started to see legitimate victims as the gangs attracted affiliates and matured into fully functioning ransomware-as-a-service organizations,\u201d Kaiser said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>GuidePoint researchers acknowledge 0APT could evolve into a genuine problem, but they are more dismissive of the group\u2019s capabilities. <\/p>\n<p>Justin Timothy, principal threat intelligence consultant at GuidePoint, said 0APT\u2019s encryptor isn\u2019t unique or noteworthy amongst its ransomware peers.<\/p>\n<p>\u201cThe ransomware encryptor is only one piece of the attack kill chain,\u201d he said. \u201cThreat actors still need to be able to obtain initial access, escalate privilege, and move laterally all while evading detection and endpoint detection and response. These aspects can often take more skill and technical knowledge compared to the creation of encryption malware.\u201d<\/p>\n<p>While 0APT might be running a scam, it doesn\u2019t appear to be a fly-by-night operation. <\/p>\n<p>The group\u2019s alleged victims are opportunistic and predominantly operate in critical infrastructure and data-rich sectors, according to Halcyon. Most of the claimed victims are based in the United States, and the top sectors targeted include health care, professional services, technology, transportation and logistics, energy and manufacturing. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>0APT has been consistently adding and removing alleged victims from its data-leak site, which went offline briefly before returning earlier this week with a much lower victim count.<\/p>\n<p>\u201cThe group\u2019s early claims appear to focus more on gaining visibility and momentum, believing those will recruit affiliates faster than validity,\u201d Kaiser said.<\/p>\n<p>Attracting affiliates and attention for future operations could be driving some of 0APT\u2019s behavior, but cybercriminals frequently deride such activities once the extent of their lies becomes widely known, said Jason Baker, managing security consultant of threat intelligence at GuidePoint.<\/p>\n<p>\u201cThat strategy was almost certainly shortsighted and undermined by 0APTs fabrications, which render them an unattractive partner or destination for affiliates going forward,\u201d Baker said. \u201cAfter all, if they\u2019re willing to lie this brazenly about their victims and capabilities, why wouldn\u2019t they lie to their affiliates as well?\u201d<\/p>\n<p>The make-up of 0APT remains unknown, with no obvious lineage or overlap with other ransomware variants, but the group is financially motivated and very aggressive in communications, Kaiser said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWhile the operators appear to not be novices, we have no evidence of who is running the group or its exact origins,\u201d she added.<\/p>\n<p>Halcyon, which is developing technical analysis on the group, insists 0APT poses a genuine threat that will eventually ensnare legitimate victims. <\/p>\n<p>\u201cGiven the fact that they are attracting attention and operating a capable encryptor, we see the potential as high that real victims may soon appear,\u201d Kaiser said. A focused rebrand, such as removing all the fake victims and starting to list real victims, even only a few, will be a strong signal that the group has evolved into a serious operation.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.8502155172414\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/0apt-ransomware-group-hoax-technical-capabilities\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>0APT ransomware group rises swiftly with bluster, along with genuine<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5933,282,323,1218,684,46,256],"tags":[5934,286,327,1230,689,54,262],"class_list":["post-8344","post","type-post","status-publish","format-standard","hentry","category-0apt","category-cybercrime","category-extortion","category-guidepoint-security","category-halcyon","category-ransomware","category-research","tag-0apt","tag-cybercrime","tag-extortion","tag-guidepoint-security","tag-halcyon","tag-ransomware","tag-research"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/0apt\/\" rel=\"category tag\">0APT<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/guidepoint-security\/\" rel=\"category tag\">GuidePoint Security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/halcyon\/\" rel=\"category tag\">Halcyon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a>","tag_info":"Research","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8344"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8344\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8344,"date":"2026-02-11T16:29:26","date_gmt":"2026-02-11T22:29:26","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87761"},"modified":"2026-02-11T16:29:26","modified_gmt":"2026-02-11T22:29:26","slug":"0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/02\/11\/0apt-ransomware-group-rises-swiftly-with-bluster-along-with-genuine-threat-of-attack\/","title":{"rendered":"0APT ransomware group rises swiftly with bluster, along with genuine threat of attack"},"content":{"rendered":"