Sicarii Ransomware: Truth vs Myth

Published 15/01/2026 11:45 · Modified 15/01/2026 12:31

Essential information

Published: 15/01/2026 11:45
Modified: 15/01/2026 12:31
Tags: 2026-01-15 CVE-2025-64446 data exfiltration encryption false flag geo-fencing raas ransomware sicarii ransomware
Related entities: 1 vulnerabilities (cve), 41 observables, 1 intrusion sets (apt), 5 techniques (mitre), 1 malware, 1 others

Description

A new operation called Sicarii emerged in late 2025, claiming Israeli/Jewish affiliation. The group uses Hebrew language, historical symbols, and right-wing ideological references in its branding. However, its underground activity is primarily conducted in Russian, and the Hebrew content appears non-native. The ransomware's technical capabilities include data exfiltration, credential collection, and file encryption. It performs geo-fencing to avoid Israeli systems. The group's behavior and messaging diverge from typical practices, raising questions about its true identity and motives. Linguistic analysis and operational patterns suggest the claimed Israeli identity may be performative rather than genuine.

External references