37°14'23.6"N 115°48'40.0"W ALT 4409M

NV-DZ-4411 FREQ 243.000 MODE SURV

SYS NOMINAL

SAT LOCK: 12 HDOP 0.82 SIG ████████░░

TOP SECRET // REL TO GLPMC FVEY

// Threat Intelligence

Threat Intelligence

Live observations and signal tracking across the current threat landscape. Updated as conditions change. Produced by Groom Lake operatives.

// FEED: ACTIVE • SOURCE: GL ANALYST UNIT • ACCESS: AUTHORIZED PERSONNEL

Scroll to Explore

// SENSOR LATTICE — ACTIVE

THREAT FIELD

REAPER // LIVE EXPOSURE DATA

LIVE

Current Exposure Data

Reaper monitors active leak activity, identity exposure, and threat signals across the crypto ecosystem. Data updated continuously.

View Live Threat Feed

1,240+

Identities Mapped

Active Leak Detections

4,800+

Monitored Threat Signals

7.4 / 10

Avg Exposure Score

// Intelligence Stream

Intel Drops

Short intelligence writeups and analyst observations. Published as the threat landscape changes.

Feed active — 3 current drops

DROP-001 ACTIVE THREAT 2025-03-12

Safe Wallet Cross-Chain Hijack

A Safe user lost their treasury after bridging to a contract address already deployed by an attacker. Legacy Safe deployments allow address recreation across chains, enabling malicious ownership takeover.

SAFE EXPLOIT CROSS-CHAIN

DROP-002 ANALYTICAL 2025-03-08

DPRK–PRC Credential Fraud Network

A 9GB leak reveals a North Korean operative collaborating with Chinese diploma fraud networks, blurring lines between nation-state cyber operations and organized crime.

DPRK FRAUD OSINT

DROP-003 BEHAVIORAL INTEL 2025-02-27

Inside a DPRK Operative's System

A leaked dataset exposes the daily life, tooling, and psychological patterns of a North Korean hacker, revealing structured work cycles and operational discipline.

APT FORENSICS BEHAVIORAL

// Prior Drops

Prior drops will be added soon.

// Operational Archive

Declassified Case Files

Select operations declassified and cleared for reference. Archive release — batch 01, 3 files available.

TOP SECRET // REL TO GL FVEY FULLY DECLASSIFIED ARCHIVE RELEASE

ARCHIVE // RELEASE BATCH 01 · FURTHER RELEASES PENDING REVIEW

// Known Threat Actors

Current Threat Landscape

Primary adversaries conducting documented, ongoing operations against crypto ecosystem targets. Profiles current as of latest monitoring cycle.

// THREAT ACTOR — ACTIVE

Lazarus Group (APT38)

ORIGIN: DPRK — Reconnaissance General Bureau

THREAT LEVEL: CRITICAL

State-sponsored APT under North Korean intelligence. Primary mission: cryptocurrency theft to fund DPRK weapons programs. Responsible for $3B+ in crypto theft since 2017. Active against DeFi protocols, exchanges, and individual executives. Demonstrates advanced capability combined with patient, research-intensive pre-operation targeting.

// THREAT ACTOR — ACTIVE

Scattered Spider

ORIGIN: English-speaking, distributed network

THREAT LEVEL: HIGH

Financially-motivated collective specializing in SIM swapping, vishing, and impersonation of IT and HR personnel. Responsible for multiple high-profile intrusions. Techniques include help desk manipulation, MFA fatigue attacks, and insider recruitment. Effective against organizations with weak identity verification procedures.

// THREAT ACTOR — ACTIVE

Russian APT Ecosystem

ORIGIN: Russia / CIS affiliated

THREAT LEVEL: HIGH

Multiple Russia-affiliated actors conduct targeted operations against crypto infrastructure for intelligence collection, financial theft, and geopolitical disruption. Activity spans exchange targeting, smart contract reconnaissance, personnel surveillance, and market manipulation. Correlates with geopolitical events and sanctions enforcement.

// REAPER — LIVE MONITORING ACTIVE

Monitor threats in real time.

Reaper gives you continuous visibility into active exposure. Track leaks, identity exposure, and threat activity as it develops.

Access Live Threat Feed