Infighting in the Ransomware Scene: 0APT vs. KryBit Leads to Data Leaks


235/69 Thursday, April 30, 2026

A report from the Halcyon Ransomware Research Center has revealed a major conflict within the cybercriminal ecosystem: two emerging ransomware groups, 0APT and KryBit, engaged in a heated feud that escalated into mutual hacking and public data exposure. The conflict began when 0APT attempted to build its reputation by claiming it had successfully attacked established ransomware groups such as Everest and RansomHouse. These claims provoked a strong response from KryBit, which retaliated by hacking back and taking control of 0APT’s leak site, leaving behind a message warning the group not to challenge more established actors.

KryBit’s retaliation exposed that 0APT had fabricated its list of over 190 victims claimed earlier in 2026, using false information to build credibility within underground markets. At the same time, KryBit itself suffered a data leak, revealing internal operational details, including two administrators, five affiliates, and ransom negotiation figures ranging from $40,000 to $100,000. This incident highlights how financially driven cybercriminal groups are willing to undermine each other, exposing or stealing data without hesitation when conflicts arise.

Although such infighting may appear chaotic, cybersecurity experts view it as beneficial for defenders. The leaked data provides valuable insights into attacker tactics, techniques, and procedures (TTPs), which often remain consistent even when groups rebrand or rebuild infrastructure. Organizations are advised to take advantage of this situation by monitoring for unusual data exfiltration, verifying the integrity of backups, and strengthening ransomware defenses, particularly against active threats like KryBit and Everest, which continue to pose real risks.

Source: https://www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data