Emerging Threat Actors Spotlighted by DARKFEED
DARKFEED has identified a watchlist of emerging threat groups that have appeared within the last 30 days, detailing their observed attack volumes and initial detection dates. The group ‘ALP001’ leads this new cohort with 14 recorded attacks since its first appearance on March 22, 2026. Close behind is ‘Attacker’, noted for 13 attacks, and ‘Lapsus’ with 12 attacks, both having emerged in late March 2026.
Other notable groups include ‘NetRunner’ and ‘KRYBIT’, with 6 and 4 attacks respectively, first observed on April 3, 2026. ‘Secp0’ also registered 4 attacks since its debut on March 9, 2026. The list further includes ‘Exitium’ with 3 attacks (first seen March 12, 2026), a second entry for ‘ALP-001’ with 2 attacks (also first seen March 22, 2026), and ‘Loki’ with a single attack observed on March 12, 2026.
This compilation offers a snapshot of the evolving threat landscape, highlighting newly active entities that security professionals should monitor. The data underscores the dynamic nature of cyber threats and the importance of continuous intelligence gathering.
What This Means For You
- Security teams should proactively incorporate these newly identified threat actors (e.g., ALP001, Attacker, Lapsus) into their threat intelligence platforms and adjust detection rules and incident response playbooks to account for their tactics, techniques, and procedures.