Play Ransomware — Victims, Campaigns & Activity

Threat entity extracted from intelligence sources

Frequency
25
occurrences
First Seen
November 3, 2025
Last Seen
July 17, 2026

Play is a ransomware_group tracked across 17 threat clusters and 25 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 17, 2026.

Related Threat Clusters

  • US Indicts Russian Nationals for $62M Cybercrime Scheme Targeting Critical Infrastructure

    On July 14, 2026, the US Justice Department unsealed an indictment against three Russian nationals—Alexander Volosovik, Kirill Zatolokin, and Yulia Pankova—accused of operating bulletproof hosting services that…

    26 articles · Updated July 14, 2026
  • Exploitation of Remote Services in Cyber Attacks

    Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…

    2 articles · Updated June 3, 2026
  • Critical Vulnerabilities in ConnectWise ScreenConnect Exploited in Active Attacks

    ConnectWise ScreenConnect has been compromised by two critical vulnerabilities, CVE-2024-1708 and CVE-2024-1709, which allow attackers to bypass authentication and execute remote code. The vulnerabilities were disclosed…

    9 articles · Updated April 29, 2026
  • LockBit Ransomware Group Launches New Data Leak Site and Upgrades to Version 5.0

    The LockBit ransomware group has returned with a new data leak site, claiming seven new victims. Following a series of law enforcement actions in early 2024 that disrupted its operations, LockBit has introduced version…

    3 articles · Updated December 5, 2025
  • Ransomware Fuels Surge in Global Cyberattacks

    As of February 12, 2026, organizations worldwide are experiencing an average of 2,090 cyber-attacks per week, largely driven by ransomware incidents. This increase highlights the ongoing challenges faced by businesses…

    1443 articles · Updated February 12, 2026
  • Rise of AI-Driven Scams Targeting UK SMEs

    UK small and medium-sized enterprises (SMEs) are increasingly vulnerable to sophisticated AI-driven scams, as highlighted by recent reports. The emergence of 'AI scams 2.0' combines traditional social engineering…

    704 articles · Updated March 12, 2026
  • Ransomware Threats Intensify for Mid-Market Firms in 2026

    Ransomware attacks are increasingly targeting mid-market firms, with two-thirds reporting breaches in the past year. The rise of Ransomware-as-a-Service (RaaS) has made these attacks more accessible to less…

    19 articles · Updated January 6, 2026
  • Brokk Hacked by Play Ransomware Gang, Data Threatened with Leak

    Brokk, a Swedish manufacturer of remote-controlled demolition machinery, was allegedly hacked by the Play ransomware gang, which is linked to Russia. The gang has threatened to leak a 4GB dataset containing sensitive…

    2 articles · Updated April 3, 2026
  • Play Ransomware Group Breaches ADC Aerospace Data

    ADC Aerospace, a U.S. engineering component manufacturer, has been targeted by the Play ransomware group, which claims to have accessed sensitive data. The breach includes unauthorized access to databases and potential…

    4 articles · Updated December 1, 2025
  • Kirbor Homes Ransomware Attack Exposes Personal Data

    Kirbor Homes experienced a ransomware attack on June 10, 2026, which compromised its computer systems. The ransomware group PLAY claimed responsibility for the breach, stating they had obtained sensitive data, including…

    2 articles · Updated July 17, 2026

Recent Intelligence Reports

  • Kirbor Homes Data Breach Exposes Social Security Numbers & More — Claimdepot · July 17, 2026
  • US charges Russian ‘bulletproof’ web hosts over cyberattacks that netted $62M from cybercrime victims — Techcrunch · July 15, 2026
  • US charges alleged operators of Russian bulletproof hosting service — Bleepingcomputer · July 15, 2026
  • PCS Data Breach Exposes Social Security Numbers — Claimdepot · June 9, 2026
  • External Remote Services — attack.mitre.org · June 3, 2026
  • IT security researchers from Huntress provide helpful hints — www.huntress.com · April 29, 2026
  • Europol IOCTA 2026 report flags shift to industrialised cybercrime powered by AI ... — Industrialcyber.Co · April 29, 2026
  • Cybercrime losses jumped 26% to $20.9 billion in 2025 — Cyberscoop · April 7, 2026

CVSS v3.1 Breakdown