Epsilon ε

Intelligence at the edge of the cluster.

The mission

ThreatCluster's automated pipeline does the heavy lifting - ingesting 8,000+ sources, clustering by meaning, extracting 17 entity types, scoring threats, and generating AI summaries at a scale no human team could match. Epsilon Research builds on that foundation. Our analysts dig into the backend data to identify patterns the algorithms surface, forecast where threats are heading, conduct targeted research into specific industries and threat landscapes, and layer in the expert domain context that turns good data into finished intelligence.

What we cover

Threat Actor Operations

APT groups, initial access brokers, and state-sponsored campaigns from first activity to attribution.

Malware Campaigns

Malware families, delivery mechanisms, C2 infrastructure, and evolution across variants.

Vulnerability Exploitation

From disclosure to active exploitation. CVE analysis, patch timelines, and weaponisation tracking.

Ransomware Ecosystems

Operator tracking, victim analysis, affiliate networks, and negotiation patterns.

Dark Web Activity

Forums, marketplaces, and leak sites. Credential dumps, access sales, and emerging threats.

Supply Chain Threats

Compromised packages, dependency attacks, and third-party risk across software supply chains.

What we produce

Threat Advisories

Timely, structured alerts covering active threats as they emerge. Each advisory includes severity assessment, affected products and versions, known exploitation activity, recommended mitigations, and links to the underlying clustered intelligence. Designed to be actionable the moment they land - not three days later.

Analytical Write-ups

Long-form research into campaigns, threat actor operations, and emerging attack patterns. Epsilon analysts reconstruct timelines across multiple clusters, trace actor infrastructure, map relationships between incidents, and provide the strategic context that helps security teams understand not just what happened but what it means for their environment.

The team

A distributed research group with hands-on experience in SOC operations, incident response, threat hunting, and detection engineering. Epsilon analysts work with ThreatCluster's full data pipeline - leveraging the platform's clustering, entity extraction, and scoring to identify what matters, then applying domain expertise to deliver research that goes beyond what automation alone can produce.

Read our latest research

Epsilon advisories and write-ups are published on the ThreatCluster blog.

Experienced analyst, researcher, or detection engineer?

Join the Team