Beast Ransomware — Victims, Campaigns & Activity

Threat entity extracted from intelligence sources

Frequency
8
occurrences
First Seen
November 25, 2025
Last Seen
July 9, 2026

Beast is a ransomware_group tracked across 4 threat clusters and 8 intelligence report mentions on ThreatCluster. First observed November 25, 2025; most recent activity July 9, 2026.

Related Threat Clusters

  • GodDamn Ransomware Leverages Microsoft-Signed Driver for Attacks

    The GodDamn ransomware, a rebrand of the Beast and Monster strains, has emerged as a significant threat, primarily targeting American organizations across various sectors. The threat group Hyadina utilized a malicious…

    14 articles · Updated July 9, 2026
  • AI-Driven Exploit Bypasses Apple's M5 Security in Days

    Researchers from Calif, a Palo Alto-based cybersecurity startup, successfully exploited Apple's Memory Integrity Enforcement (MIE) on the M5 chip within a week using Anthropic's AI model, Claude Mythos. The exploit…

    28 articles · Updated May 14, 2026
  • Beast Ransomware Toolkit Exposed in Open Directory Incident

    An open server linked to the Beast ransomware group was discovered, revealing their extensive toolkit and attack methods. This ransomware-as-a-service (RaaS) group, active since June 2024, is believed to be a successor…

    2 articles · Updated March 20, 2026
  • CYFIRMA Industry Reports on Cyber Threats in Telecommunications and Manufacturing

    CYFIRMA released two industry reports focusing on the telecommunications and manufacturing sectors, analyzing the external threat landscape over the past three months. The reports provide insights into key trends and…

    2 articles · Updated November 25, 2025

Recent Intelligence Reports

  • GodDamn Ransomware Rebrands From Beast and Uses PoisonX Driver to Disable Defenses — Cybersecuritynews · July 9, 2026
  • GodDamn Ransomware Uses PoisonX to Blind Security Software — Securityaffairs.Co · July 9, 2026
  • GodDamn ransomware uses Microsoft — Feeds.4Sysops · July 9, 2026
  • GodDamn Ransomware Attack Uses PsExec Lateral Movement and NirSoft Toolkit for Credential Theft — Gbhackers · July 9, 2026
  • 'GodDamn' Ransomware Uses BYOVD to Smite US Companies — Darkreading · July 9, 2026
  • Company — calif.io · May 15, 2026
  • Cyber OpSec Fail: Beast Gang Exposes Ransomware Server — Darkreading · March 20, 2026
  • CYFIRMA INDUSTRY REPORT : TELECOMMUNICATIONS & MEDIA — Cyfirma · November 25, 2025

CVSS v3.1 Breakdown