Blog Post

The Human Connection Blog
1 MIN READ

New CTI Labs: Threat Actors Akira and DragonForce

benhopkins's avatar
benhopkins
Icon for Immerser rankImmerser
24 days ago

Today, we’ve released two brand new threat actor labs focussing on Akira, a prolific threat actor focussing on double-extortion ransomware operations, and DragonForce, a ransomware group and affiliate runner who claimed responsibility for involvement in the recent attacks against M&S, Co-op, and Harrods.

These labs will highlight the background and TTPs of Akira, a highly prolific threat actor with indiscriminate targeting, and DragonForce, a ransomware actor recently in the news, connected to the attacks on M&S, Co-op, and Harrods.

Why are these labs important?

Akira is one of the most prolific threat actors that does not discriminate in its targeting. It often targets medium to large enterprises worldwide, with a strong focus on North America and Europe, including the UK. This means that no one is exempt from Akira's targeting in the future, so knowing your TTPs and how to prepare for attacks from threat actors is paramount to keeping your organization safe.

Throughout late April 2025, DragonForce has been all over the news since they claimed responsibility for being involved in the attacks against Marks and Spencer, Co-Op, and Harrods in the UK. The information in the labs reflects DragonForce's latest known TTPs and helps customers to stay one step ahead of actors like DragonForce.

Who are these labs for?

These labs deliver the latest information relating to threat actors and their TTPs. The personas who would benefit the most from these labs are:

  • Cyber Threat Intelligence Analysts
  • SOC Analysts
  • Incident Responders
  • Threat Hunters

Here are the links to the labs:

Updated 24 days ago
Version 2.0
No CommentsBe the first to comment