Skip to content
Ransomware group

RADAR

Radar is a cybercriminal threat actor identified in the provided reporting as both a ransomware group and an initial access broker (IAB).

Profile source: Mallory opens in a new tab

RADAR

Family profile

Radar is a cybercriminal threat actor identified in the provided reporting as both a ransomware group and an initial access broker (IAB). Reporting cited in the content states that four new ransomware groups emerged in 2025, including Radar. Separate reporting describes RADAR as a known IAB that listed RDP access to a Swiss company for sale in mid-October; that victim reportedly appeared on RansomHub’s leak site just over a month later, indicating a likely handoff of access to a downstream ransomware operator. The content also states that the RADAR group carried out a cluster of attacks against the real estate sector. Based on the provided material, Radar’s observed activity includes brokering or selling compromised remote access, specifically RDP access, and conducting attacks associated with the real estate sector. No nation-state attribution is provided in the content, and no additional aliases or sub-groups are mentioned beyond the name RADAR/Radar.

Ransomware.live

Operational record

View group record ↗

Ransomware.live

Published indicators

Full source record ↗

Tox

1 total
  • 8F514E8FDA683D7C5957CE9560EB5941B4840DB0C3CEDEFB57FD8E2D8CF5884B44D99B872E93

Session

1 total
  • 05e4f38090e06156b94ebf76e93ab4ccb761d761b886bbabf2df41c2bc341e8b30

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.