Dark Ops

Keep your
enemies close

Go on the offense with a global team of dark web operatives, threat hunters and good guys providing you the exotic intelligence and access you need in the places you can’t reach.

Get Demo

Expert Operatives In Your Corner

And every corner of the criminal underground

We know the underground because we live in the underground. Our global threat hunting and dark web intelligence team extends the reach of your security resources, engaging with the underground community. We give you an advantage over emerging threats and stop active threats before damage can be done. Integrated into hundreds of dark web communities and places where most can’t infiltrate, we combine open-source and human intelligence to fight back, engage with adversaries, triage threats and curate intelligence specific to you.

Engage with the enemy,
Increase your advantage

No two enemies are the same. We take a tailored dark ops approach with special investigations focused on gathering valuable, relevant intelligence and monitoring the specific threat actors that pose a threat to you. That includes intelligence on ransomware, eCrime, network and host vulnerabilities, compromised credentials, botnets and financial fraud.

  • Gain Early Warning

    Be the first to know of emerging or imminent threats and any potential data exposure

  • Exclusive Engagements

    We work for you, ensuring your interactions and transactions are conducted privately

  • Covert Operations

    Special covert projects that require deep engagement and asset recovery are where we specialize and win


Ransomware Leak Site Targets


Active Ransomware Leak Sites

Ransomware Group Activity
Number of Leaked Targets
Leak Site Activity per Week
Leak Site Targets by Region

26.34% Europe/Russia 55.48% USA/Canada 5.04% South America 6.73% APAC 2.40% ANZAC 3.92% Mid-East Africa
ZeroFox threat researchers constantly track top cyber criminal group activity including ransomware leak targets

Strike back to stay ahead

Strong dark ops means access and action. Operatives offer unmatched, accurate and efficient intelligence that goes beyond a traditional threat feed. Our threat hunters investigate and curate findings to generate finished intelligence relevant to your threat environment—and then go a step further, taking necessary actions to protect your assets and confidentiality.

Real-time underground intelligence

Get alerted when attackers maliciously engage with your network assets, your employees or your data and monitor relevant attacker chatter

Special investigations and preemptive intelligence

Gain early warning to emerging or imminent threats and be informed at the first signs of potential data exposure or 3rd party risks

Bad actor attribution

Unmask the groups and individual threat actors behind targeted attacks to understand their motivations, tactics, campaigns and plans

Breach containment and risk mitigation

Stay on top of compromise indicators including active infections, compromised credentials and stolen cards to harden defenses preemptively

Compromised intellectual property recovery

Leverage underground operatives with access and expertise to identify data and content exposure and secure your valuable information

Threat actor engagement

Access cryptocurrency intermediary services and negotiation skills to allow for anonymous settlement that is non-attributable and secure

Malware Infections

Get tipped to criminals brokering your stolen data because of a malware infection on a device and prevent becoming part of a criminal botnet

Our operatives know their way through the dark

Talk To An Expert

Stories from the field

Daily Intelligence Brief

Daily Intelligence Brief

Learn More

Daily intelligence delivered to your inbox


See ZeroFox in action