Silent Team
Silent Team is a ransomware/extortion threat actor that emerged in April 2025. The available reporting describes it as one of several new groups active in the 2025 ransomware ecosystem. Silent Team has been specifically associated with extortion-only operations relying on data theft and leak-based extortion without deploying ransomware lockers. One cited incident attribute for the group is "2.8TB exfil," and reporting characterizes its activity as sporadic but high-profile. More broadly, the surrounding reporting places Silent Team within a 2025 threat environment where actors increasingly prioritize exfiltration-first operations, double-extortion monetization, and targeting of high-impact sectors. No additional aliases, sub-groups, or nation-state attribution are provided in the source content beyond the alias "silent_team"/"Silent Team".
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Silent Team is a ransomware group that, in 2025, adopted extortion-only tactics, focusing on data theft and public leaks rather than encrypting victim data.
Ransomware group known for large data exfiltration and sporadic high-profile attacks.
Newly emerged ransomware group (no specific victimology or TTPs detailed in the content).
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.