?Formally attributedActive
LockBit
Coverage omission — Eastern
Prolific ransomware-as-a-service operation that became the most deployed ransomware globally from 2022 to 2024. Disrupted by law enforcement Operation Cronos in February 2024 but resumed operations shortly after.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.4
Low signal strength
Mentions4
Sources2
High conf.2
Last seenJun 2026
First observed
2019
Last active
Active
Origin
Eastern Europe — leader identified as Russian national by law enforcement
Aliases
5
Techniques
0
Campaigns
0
Eastern Europe — leader identified as Russian national by law enforcementhigh confidence
TargetsGovernmentHealthcareFinancialManufacturingLegal
RegionsUsEuGlobal
Attribution signals
4 mentions · 2 sources#1unspecifiedhigh
Unspecified
wired-security
May 2026
"The LockBit group hit another Foxconn facility in Mexico in May 2022 and disrupted production."
#2unspecifiedhigh
Unspecified
wired-security
May 2026
"Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology in 2024 with defacements and data breach claims."
#3unspecifiedunspecified
Unspecified
socradar
Jun 2026
"Brazil = #2 target country in Q1 2026 (8.6% of victims)"
#4unspecifiedunspecified
Geopolitical
socradar
Jun 2026
"Brazil bearing the brunt of an extensive and unequal increase in global cyber threat activity"
Hedge terms observed
unspecified