Skip to main content
Mallory
Back to threat actors

Quantum

Also known asQuantum

Quantum is a ransomware group in the post-Conti cybercrime ecosystem. Multiple sources in the provided content state that after Conti disbanded in 2022 following internal chat leaks and law-enforcement pressure, members of the Russian- or Cyrillic-language group rebranded under subgroups including Zeon, Black Basta, and Quantum. The content further states that Quantum quickly rebranded to Royal, which later rebranded to BlackSuit in 2024. Quantum is also listed among other groups that former Conti members later joined or formed. Reporting in the provided content notes infrastructure overlap between Play and Quantum, including shared infrastructure and Cobalt Strike beacons with the same watermarks observed in Quantum attacks. The content also notes Quantum was active enough in late 2022 to list a Wall Street floor broker as a victim. Known related names directly mentioned in the content are Royal and BlackSuit; Quantum is also described as a subgroup/successor emerging from Conti.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
MITRE ATT&CK

Tradecraft

2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

2 of 15 tactics2 techniques×N= number of intelligence reports citing this technique
MITRE ATT&CK
TA0003
Persistence
1 technique
T1505
Server Software Component
TA0040
Impact
1 technique
T1486×2
Data Encrypted for Impact
ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app
cyberscoopNews
Jun 12, 2026
Conti ransomware group member pleads guilty, faces up to 20 years in prison | CyberScoop

Named as a Conti successor subgroup that rebranded first to Royal and later to BlackSuit.

Read more
bleeping computerNews
Jun 12, 2026
Ukrainian national pleads guilty to role in Conti ransomware operation

Named as one of the ransomware groups that former Conti members reportedly splintered into after Conti shut down.

Read more
cyberscoopNews
May 5, 2026
Latvian national sentenced for ransomware attacks run by former Conti leaders | CyberScoop

A subgroup formed from former Conti members that quickly rebranded to Royal and later to BlackSuit.

Read more
cyberscoopNews
Jan 21, 2026
Black Basta’s alleged ringleader identified as authorities raid homes of other members | CyberScoop

Named as a Conti-linked rebrand that subsequently rebranded to Royal and later to BlackSuit (2024).

Read more
+5 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping2

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.