08.08.2025
2 min
519
Cybercriminal groups Royal and BlackSuit, who are behind numerous attacks in the United States, have committed more than 450 hacks of companies, receiving more than $ 370 million in ransoms. After their recent cessation of operations, experts have discovered a new threat: these criminals have probably reworked their infrastructure and are ready to attack with new methods under the Chaos brand.
According to the US Department of Homeland Security, the Royal and BlackSuit groups have infiltrated more than 450 US organizations in the past few years, including representatives of the healthcare, education, energy and government sectors. They used double blackmail, encrypting their victims’ systems and threatening to publish stolen data to force them to pay more. As a result, these cybercriminals earned more than $ 370 million in cryptocurrencies.
In July 2025, the US Department of Justice confirmed that it had seized the BlackSuit dark web domains, posting seizure banners as part of the international “Checkmate” operation. The criminals, who previously operated under the Quantum brand, known for their affiliation with the Conti group, later switched to using their own Zeon encryptor, and since 2023 have been operating under new brands Royal and BlackSuit.
The Royal and BlackSuit groups became known in cyberspace after a series of attacks in 2022, initially under the Quantum brand. They quickly established themselves as one of the most effective criminal groups due to their ability to conduct sophisticated and large-scale data encryption operations. After the groups gained access to their core infrastructures, law enforcement agencies, together with international partners, carried out a large-scale operation that resulted in the removal of their dark web sites.
