Leading Hacking Collectives Globally Ranked 2025
====================================================================================
In the digital age, cybercrime has become a significant global concern. From banks to governments, various groups and actors have been caught in the act of cyber espionage, data theft, and financial fraud. Here's a rundown of some of the most notorious cybercrime groups and nation-state actors.
Carbanak (also known as Anunak or FIN7)
Carbanak, a Russian cybercrime group, has been operating since 2013, targeting banks using Remote Access Trojans (RATs) and SWIFT manipulation. The group has managed to steal more than $1 billion by pretending to be HR and gaining access to phishing sites.
The Lazarus Group
North Korea's top cyber force, the Lazarus Group, has been active since 2009. Known for mixing spying and financial crime, this group has been involved in high-profile attacks, including the theft of $1.5 billion worth of cryptocurrency from the Bybit exchange on February 21, 2025.
Anonymous
Anonymous, a hacktivist collective, was founded on 4chan in 2008. Known for DDoS attacks, data dumps, and website defacements, Anonymous targets perceived injustices. The group has been involved in anti-corruption campaigns, global protests, and regional tensions such as OpIsrael 2025 and cyberattacks on government and infrastructure sites in Vietnam in April 2025.
The Shadow Brokers (TSB)
The Shadow Brokers appeared in 2016, releasing NSA hacking tools, including EternalBlue, leading to global ransomware attacks. The Shadow Brokers' dump harmed economies trillions of dollars through WannaCry and NotPetya.
APT1 (also known as Comment Crew)
APT1, associated with the Chinese People's Liberation Army, is expert at stealing intellectual property. The group was still spying on U.S. companies and stealing designs to help China's tech rise in 2025, using specialized malware in campaigns like Operation Aurora.
Lizard Squad
Lizard Squad, a black hat gang that targets gaming networks with DDoS attacks, emerged in 2014. The group was led by Ryan Cleary, who was previously arrested and prosecuted.
DarkHotel
DarkHotel conducts surveillance on government officials and executives by employing backdoors that have been customized. Believed to be South Korean intelligence (or a combination of actors), DarkHotel has been targeting Asian elites through hotel Wi-Fi networks since 2004.
APT28 (also known as Fancy Bear or Pawn Storm)
APT28 is a Russian state-sponsored hacking group connected to the GRU's 85th Main Special Service Center. The group has been active since at least 2007 and is skilled in spear-phishing, spreading malware, and interfering with elections.
The Equation Group
The Equation Group is a hacker group whose goals and attributions are not further elaborated upon in the provided paragraph.
Each of these groups and actors presents a unique threat in the cyber world, highlighting the need for continued vigilance and robust cybersecurity measures. As technology advances, so too will the tactics of these groups, making it crucial for individuals and organizations to stay informed and protected.
