Recursion Team was a cybercriminal group active between 2020 and 2021. According to the provided reporting, the group specialized primarily in SIM swapping and swatting. Additional reporting links the group to fraudulent emergency data requests used to obtain subscriber information from service providers. The content states that WhiteDoxbin was a founding member of Recursion Team prior to launching LAPSUS$, and separately links White and Amtrak to the group. Recursion Team is described as a criminal group rather than a state-sponsored actor.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Earlier cybercriminal group tied to some LAPSUS$ members, specializing in SIM swapping, swatting, and fraudulent law-enforcement data request services.
Cybercriminal group associated with SIM swapping and swatting activity prior to the formation of LAPSUS$.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.