1 malware family

Arkana

Also known asArkana

Arkana is a ransomware threat actor first listed as a new ransomware variant appearing in March 2024. Reporting cited in the provided content says Arkana claimed victims including WideOpenWest, Oregon Surveillance, INFINOX Global, Anglo American, Synopsys, and Ticketmaster. Separate reporting states Arkana targeted high-value global brands in the entertainment sector. Microsoft Threat Intelligence reportedly identified Arkana as part of Qilin’s affiliate roster, alongside groups such as Octo Tempest/Scattered Spider and Devman. Additional reporting says that when Arkana launched a data extortion site in March 2025, its about page displayed a “Qilin Network” logo, suggesting a working relationship with Qilin. Based on the provided content, Arkana is therefore associated with ransomware and data extortion activity and appears linked to the Qilin ransomware ecosystem as an affiliate or partner. No higher-confidence attribution to a nation state is provided in the content.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

2 of 15 tactics2 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0004

Privilege Escalation

1 technique

T1068

Exploitation for Privilege Escalation

TA0040

Impact

1 technique

T1486

Data Encrypted for Impact

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

QilinQilin is a Russian-speaking ransomware-as-a-service (RaaS) operation first observed in July 2022 under the "Agenda" name and rebranded as Qilin in September 2022.1Apr 9, 2026

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

derp ca blogNews

Apr 9, 2026

Qilin: reverse-engineering the Windows build behind 1,000+ victims | Derp

Reported Qilin affiliate named in the affiliate roster.

blackfogNews

Sep 10, 2025

Ongoing: New Ransomware Gangs in 2025

Named as a new ransomware variant/gang emerging in 2024 and associated with victim claims posted in March 2024.

gbhackersNews

Jul 10, 2025

Ransomware Activity Spikes Amid Qilin’s New Wave of Targeted Attacks

Ransomware actor targeting high-value global entertainment brands to maximize leverage and reputational damage.

dragos blogNews

May 21, 2025

Dragos Industrial Ransomware Analysis: Q1 2025

Ransomware actor listed as active in Q1 2025 targeting industrial sectors.

+1 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping2

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.