Check Your Exposure
See Your Data

Cybercrime Security Research

SpyCloud Labs is a focused cybercrime research group dedicated to uncovering and analyzing the most intricate patterns from the criminal underground. We nerd out on all things breach, malware, phishing, and threat actor-related โ€“ and are hellbent on making the internet a safer place for all. This is a space for our experts to share our latest research findings as well as best practices and solutions for organizations to better their defenses.

Latest security research

Dig in with us as we analyze digital underground collections, reverse-engineer malware, and identify threat actor patterns.

Webinars and videos

Tune in to hear new and interesting research insights from our experts, first-hand.

SpyCloud Labs in the news

Insights and research from the team making headlines.

N2K Cyberwire

Cyberwire Research Saturday: The hidden cost of data hoarding

Read more
FinXtech

An Expert in the Dark Web Describes How to Manage the Risk

Read more
Wired

Chinaโ€™s Surveillance State Is Selling Citizen Data as a Side Hustle

Read more
The Register

Brazen crims selling stolen credit cards on Meta’s Threads

Read more
N2K Cyberwire

Ransomware on repeat

Read more

Magazine Exclusive: The Business of Cybercrime Explodes

Read more

Cybercrime analytics company releases update regarding massive PII data breach

Read more
Logo: Security Boulevard

How cybercriminals are using โ€˜infostealersโ€™ to sidestep passwordless authentication

Read more
IT Brew

Fed agencies โ€˜leveling upโ€™ on disruptive cyber tactics, former FBI pro says

Read more
N2K Cyberwire

Exploring the mechanics of Infostealer malware

Read more
PCMag

Passkeys: What They Are and Why You Need Them ASAP

Read more
U.S News

Best Password Managers of 2024

Read more
HelpNet Security, an enterprise cybersecurity news outlet that has published news about SpyCloud.

Cybercriminals use cheap and simple infostealers to exfiltrate data

Read more
Logo: WSJ

A Pain-Free Way to Secure All Your Online Accounts

Read more
IT Pro Today

Is Passkey Authentication More Secure Than Traditional Passwords?

Read more
Digital Information World

Former FBI Expert Warns of Cookie Theft Emerging as Major Cybersecurity Threat, Surpassing Password Concerns with its Ability to Bypass Protections

Read more
spycloud-company-news

SpyCloud Doubles Down on Industry-leading Cybercrime Research with Launch of SpyCloud Labs

Read more
Cyber Security Excellence Award 2025

2025 Cybersecurity Excellence Awards “Cybersecurity Team of the Year”

Meet the research team

The fuel behind our efforts is a talented team of analysts and researchers relentlessly focused on connecting the dots as threat actors pivot and change.

Trevor Hilligoss

Trevor served nine years in the U.S. Army and has an extensive background in federal law enforcement, tracking threat actors for both the DoD and FBI. He is a member of the Joint Ransomware Task Force and serves in an advisory capacity for multiple cybersecurity-focused non-profits. He has spoken at numerous US and international cyber conferences, holds multiple federal and industry certifications in the field of cybersecurity, and is a recipient of the President's Volunteer Service Award for volunteer service aimed at countering cyber threats. Trevor is the Senior Vice President of SpyCloud Labs.

Wallis Romzek, PhD

Dr. Wallis Romzek is an applied mathematician who has spent the last decade leveraging Big Data and machine learning to tackle problems in the information and cybersecurity spaces. Most recently, her work has focused on tracking and characterizing cybercrime and its potential victims for SpyCloud and a number of government organizations. She is SpyCloudโ€™s Principal Data Scientist.

Kyla Cardona

Kyla is a U.S. military veteran from the Air Force, Marines, and Army, holds a BS in Computer Information Systems and multiple cybersecurity certifications including Security+, CEH, CySA+, and Splunk. Specializing in Terrorism and Homeland Security certifications coupled with extensive Chinese OSINT training, she possesses a strong sense and understanding of geopolitical cyber threats in Chinaโ€™s digital landscape. Kyla is a Staff Security Researcher at SpyCloud, with a focus on cyber threats in China and other cybercrimes occurring within deep/dark web illicit communities.

Joe Roosen

Joe spent 20 years in various system administration, consulting and design roles in information technology but eventually shifted his focus to security and thwarting cybercrime. What started as a volunteer passion project in 2017 with the Cryptolaemus group fighting Emotet has now turned into a full-fledged information security career. Joe works as the Security Research Manager at SpyCloud Labs now leading his team to collect all of the data breaches and leaks possible. "Gotta catch them all!"

Aurora Johnson

Aurora is an information security researcher and cybersecurity policy expert who worked as a Senior Analyst for CISA before joining SpyCloud as Responsible Disclosure Coordinator. She manages the program to alert organizations when SpyCloud finds their sensitive breached, leaked, or exposed data through its collections. Aurora participates in a range of volunteer and public-private initiatives to track and disrupt the cybercriminal ecosystem and was a recipient of the Presidentโ€™s Volunteer Service Award in 2023 for work with the U.S. government against cyber security threats.

Mike Dausin

Mike has a long-standing fascination with leveraging data to solve security problems and has spent the last 20+ years writing security and automation tools and analytics at Dell, TippingPoint, Arbor Networks, and Alert Logic. Now as Data Analysis Manager at SpyCloud, he leads the Security Data Analytics team and is responsible for taming the chaos of raw breach data.

Jakob S.

Jakob is a trained software engineer and a recent newcomer to the cybersecurity realm. He works as a Junior Security Data Analyst on the SpyCloud Labs parsing team.

James

James is a self taught reverse engineer with published analyses featured by ZDNet, ThreatPost, BleepingComputer and other publications. They have experience reversing popular mailstealers/malspam families like Emotet, IcedID, and were a recipient of the the President's Volunteer Services Award in 2023 for public reversing work done on these families. They are currently tracking all things infostealer at SpyCloud.

Yashar H.

Yashar is a GIAC Certified Forensic Analyst (GCFA) and a former SOC/Incident Response analyst who dabbles in security research and reverse engineering in his free time. At SpyCloud, he works as a Staff Security Data Analyst, focusing primarily on processing breach data for the SpyCloud Cybercrime Analytics Engine.

Daniel

Daniel is hyper-focused on developing new methods to automate the collections process and acquire more data from criminal communities. He is a Senior Security Researcher at SpyCloud Labs.

Paul S.

Paul S. is from the UK and is a biochemist with a PhD in medical research. He decided to leave the life of medical research behind to become a sysadmin for the Crown. It was there he found a love of taking apart phishing campaigns and thwarting bad actors. Paul now hunts phish for a living as our latest Staff Security Researcher.

Andy Culler

Andy is a seasoned security engineer passionate about automation. He started his career as an analyst and tool developer at Dell SecureWorks before moving on to help build security engineering and automation programs at Box and Slack. As a Principal Security Research Engineer at SpyCloud, Andy is excited to leverage his more than 15 years of industry experience to tackle new challenges in the world of security research.

Keegan Keplinger

Keegan has degrees in physics, neuroscience, and mathematics and holds a President's Volunteer Service Award for cybersecurity. Raised a commercial fisherman out of Kodiak, Alaska, Keegan joined the cybersecurity community in 2017, as part of eSentire's Threat Intelligence team where he participated in detection engineering, tool building and the collection, analysis, and dissemination of threat intelligence. Keegan studies the linguistics and humanities of Slavic and Germanic cultures as part of a broader interest in Proto-Indo-European studies. At SpyCloud, Keegan focuses on tool-development, methodology, and theory around collection and promotes a disease-based view of criminology.

Zoe Neale

Zoe began her professional career in June 2024 after graduating from The University of Texas at Austin, interning in cybersecurity with a focus on DevOps. Now a Security Data Analyst at SpyCloud, she leverages her background in mathematics, computer science, and data science to analyze and parse security data, with a strong interest in machine learning.

Aaron Coffey

Forged at industry leaders like Google and Box, Aaron crafts elegant solutions to accelerate threat intelligence and disrupt cybercriminal operations. As a Senior Security Research Engineer at SpyCloud, he brings over a decade of expertise across IT, Incident Response, Security Automation, and Detection Engineering. Outside the world of threat research, Aaron swaps code for a camera, capturing landscapes instead of compromises.

Meet the research team

The fuel behind our efforts is a talented team of analysts and researchers relentlessly focused on connecting the dots as threat actors pivot and change.

Trevor Hilligoss

Trevor served nine years in the U.S. Army and has an extensive background in federal law enforcement, tracking threat actors for both the DoD and FBI. He is a member of the Joint Ransomware Task Force and serves in an advisory capacity for multiple cybersecurity-focused non-profits. He has spoken at numerous US and international cyber conferences, holds multiple federal and industry certifications in the field of cybersecurity, and is a recipient of the President's Volunteer Service Award for volunteer service aimed at countering cyber threats. Trevor is the Vice President of SpyCloud Labs

Wallis Romzek, PhD

Dr. Wallis Romzek is an applied mathematician who has spent the last decade leveraging Big Data and machine learning to tackle problems in the information and cybersecurity spaces. Most recently, her work has focused on tracking and characterizing cybercrime and its potential victims for SpyCloud and a number of government organizations. She is SpyCloudโ€™s Principal Data Scientist.

James

James is a self taught reverse engineer with published analyses featured by ZDNet, ThreatPost, BleepingComputer and other publications. They have experience reversing popular mailstealers/malspam families like Emotet, IcedID, and were a recipient of the the President's Volunteer Services Award in 2023 for public reversing work done on these families. They are currently tracking all things infostealer at SpyCloud.

Kyla Cardona

Kyla is a U.S. military veteran from the Air Force, Marines, and Army, holds a BS in Computer Information Systems and multiple cybersecurity certifications including Security+, CEH, CySA+, and Splunk. Specializing in Terrorism and Homeland Security certifications coupled with extensive Chinese OSINT training, she possesses a strong sense and understanding of geopolitical cyber threats in Chinaโ€™s digital landscape. Kyla is a Staff Security Researcher at SpyCloud, with a focus on cyber threats in China and other cybercrimes occurring within deep/dark web illicit communities.

Joe Roosen

Joe spent 20 years in various system administration, consulting and design roles in information technology but eventually shifted his focus to security and thwarting cybercrime. What started as a volunteer passion project in 2017 with the Cryptolaemus group fighting Emotet has now turned into a full-fledged information security career. Joe works as the Security Research Manager at SpyCloud Labs now leading his team to collect all of the data breaches and leaks possible. "Gotta catch them all!"

Aurora Johnson

Aurora is an information security researcher and cybersecurity policy expert who worked as a Senior Analyst for CISA before joining SpyCloud as Responsible Disclosure Coordinator. She manages the program to alert organizations when SpyCloud finds their sensitive breached, leaked, or exposed data through its collections. Aurora participates in a range of volunteer and public-private initiatives to track and disrupt the cybercriminal ecosystem and was a recipient of the Presidentโ€™s Volunteer Service Award in 2023 for work with the U.S. government against cyber security threats.

Mike Dausin

Mike has a long-standing fascination with leveraging data to solve security problems and has spent the last 20+ years writing security and automation tools and analytics at Dell, TippingPoint, Arbor Networks, and Alert Logic. Now as Data Analysis Manager at SpyCloud, he leads the Security Data Analytics team and is responsible for taming the chaos of raw breach data.

Jakob S.

Jakob is a trained software engineer and a recent newcomer to the cybersecurity realm. He works as a Junior Security Data Analyst on the SpyCloud Labs parsing team.

Yashar H.

Yashar is a GIAC Certified Forensic Analyst (GCFA) and a former SOC/Incident Response analyst who dabbles in security research and reverse engineering in his free time. At SpyCloud, he works as a Staff Security Data Analyst, focusing primarily on processing breach data for the SpyCloud Cybercrime Analytics Engine.

Daniel

Daniel is hyper-focused on developing new methods to automate the collections process and acquire more data from criminal communities. He is a Senior Security Researcher at SpyCloud Labs.

Paul S.

Paul S. is from the UK and is a biochemist with a PhD in medical research. He decided to leave the life of medical research behind to become a sysadmin for the Crown. It was there he found a love of taking apart phishing campaigns and thwarting bad actors. Paul now hunts phish for a living as our latest Staff Security Researcher.

Keegan Keplinger

Keegan has degrees in physics, neuroscience, and mathematics and holds a President's Volunteer Service Award for cybersecurity. Raised a commercial fisherman out of Kodiak, Alaska, Keegan joined the cybersecurity community in 2017, as part of eSentire's Threat Intelligence team where he participated in detection engineering, tool building and the collection, analysis, and dissemination of threat intelligence. Keegan studies the linguistics and humanities of Slavic and Germanic cultures as part of a broader interest in Proto-Indo-European studies. At SpyCloud, Keegan focuses on tool-development, methodology, and theory around collection and promotes a disease-based view of criminology.

Andy Culler

Andy is a seasoned security engineer passionate about automation. He started his career as an analyst and tool developer at Dell SecureWorks before moving on to help build security engineering and automation programs at Box and Slack. As a Principal Security Research Engineer at SpyCloud, Andy is excited to leverage his more than 15 years of industry experience to tackle new challenges in the world of security research.

Zoe Neale

Zoe began her professional career in June 2024 after graduating from The University of Texas at Austin, interning in cybersecurity with a focus on DevOps. Now a Security Data Analyst at SpyCloud, she leverages her background in mathematics, computer science, and data science to analyze and parse security data, with a strong interest in machine learning.

Aaron Coffey

Forged at industry leaders like Google and Box, Aaron crafts elegant solutions to accelerate threat intelligence and disrupt cybercriminal operations. As a Senior Security Research Engineer at SpyCloud, he brings over a decade of expertise across IT, Incident Response, Security Automation, and Detection Engineering. Outside the world of threat research, Aaron swaps code for a camera, capturing landscapes instead of compromises.

Meet the research team

Trevor Hilligoss

Trevor served nine years in the U.S. Army and has an extensive background in federal law enforcement, tracking threat actors for both the DoD and FBI. He is a member of the Joint Ransomware Task Force and serves in an advisory capacity for multiple cybersecurity-focused non-profits. He has spoken at numerous US and international cyber conferences, holds multiple federal and industry certifications in the field of cybersecurity, and is a recipient of the President's Volunteer Service Award for volunteer service aimed at countering cyber threats. Trevor is the Vice President of SpyCloud Labs

Wallis Romzek, PhD

Dr. Wallis Romzek is an applied mathematician who has spent the last decade leveraging Big Data and machine learning to tackle problems in the information and cybersecurity spaces. Most recently, her work has focused on tracking and characterizing cybercrime and its potential victims for SpyCloud and a number of government organizations. She is SpyCloudโ€™s Principal Data Scientist.

James

James is a self taught reverse engineer with published analyses featured by ZDNet, ThreatPost, BleepingComputer and other publications. They have experience reversing popular mailstealers/malspam families like Emotet, IcedID, and were a recipient of the the President's Volunteer Services Award in 2023 for public reversing work done on these families. They are currently tracking all things infostealer at SpyCloud.

Kyla Cardona

Kyla is a U.S. military veteran from the Air Force, Marines, and Army, holds a BS in Computer Information Systems and multiple cybersecurity certifications including Security+, CEH, CySA+, and Splunk. Specializing in Terrorism and Homeland Security certifications coupled with extensive Chinese OSINT training, she possesses a strong sense and understanding of geopolitical cyber threats in Chinaโ€™s digital landscape. Kyla is a Staff Security Researcher at SpyCloud, with a focus on cyber threats in China and other cybercrimes occurring within deep/dark web illicit communities.

Joe Roosen

Joe spent 20 years in various system administration, consulting and design roles in information technology but eventually shifted his focus to security and thwarting cybercrime. What started as a volunteer passion project in 2017 with the Cryptolaemus group fighting Emotet has now turned into a full-fledged information security career. Joe works as the Security Research Manager at SpyCloud Labs now leading his team to collect all of the data breaches and leaks possible. "Gotta catch them all!"

Aurora Johnson

Aurora is an information security researcher and cybersecurity policy expert who worked as a Senior Analyst for CISA before joining SpyCloud as Responsible Disclosure Coordinator. She manages the program to alert organizations when SpyCloud finds their sensitive breached, leaked, or exposed data through its collections. Aurora participates in a range of volunteer and public-private initiatives to track and disrupt the cybercriminal ecosystem and was a recipient of the Presidentโ€™s Volunteer Service Award in 2023 for work with the U.S. government against cyber security threats.

Mike Dausin

Mike has a long-standing fascination with leveraging data to solve security problems and has spent the last 20+ years writing security and automation tools and analytics at Dell, TippingPoint, Arbor Networks, and Alert Logic. Now as Data Analysis Manager at SpyCloud, he leads the Security Data Analytics team and is responsible for taming the chaos of raw breach data.

Yashar H.

Yashar is a GIAC Certified Forensic Analyst (GCFA) and a former SOC/Incident Response analyst who dabbles in security research and reverse engineering in his free time. At SpyCloud, he works as a Staff Security Data Analyst, focusing primarily on processing breach data for the SpyCloud Cybercrime Analytics Engine.

Daniel

Daniel is hyper-focused on developing new methods to automate the collections process and acquire more data from criminal communities. He is a Senior Security Researcher at SpyCloud Labs.

Jakob S.

Jakob is a trained software engineer and a recent newcomer to the cybersecurity realm. He works as a Junior Security Data Analyst on the SpyCloud Labs parsing team.

Paul S.

Paul S. is from the UK and is a biochemist with a PhD in medical research. He decided to leave the life of medical research behind to become a sysadmin for the Crown. It was there he found a love of taking apart phishing campaigns and thwarting bad actors. Paul now hunts phish for a living as our latest Staff Security Researcher.

Keegan Keplinger

Keegan has degrees in physics, neuroscience, and mathematics and holds a President's Volunteer Service Award for cybersecurity. Raised a commercial fisherman out of Kodiak, Alaska, Keegan joined the cybersecurity community in 2017, as part of eSentire's Threat Intelligence team where he participated in detection engineering, tool building and the collection, analysis, and dissemination of threat intelligence. Keegan studies the linguistics and humanities of Slavic and Germanic cultures as part of a broader interest in Proto-Indo-European studies. At SpyCloud, Keegan focuses on tool-development, methodology, and theory around collection and promotes a disease-based view of criminology.

Andy Culler

Andy is a seasoned security engineer passionate about automation. He started his career as an analyst and tool developer at Dell SecureWorks before moving on to help build security engineering and automation programs at Box and Slack. As a Principal Security Research Engineer at SpyCloud, Andy is excited to leverage his more than 15 years of industry experience to tackle new challenges in the world of security research.

Zoe Neale

Zoe began her professional career in June 2024 after graduating from The University of Texas at Austin, interning in cybersecurity with a focus on DevOps. Now a Security Data Analyst at SpyCloud, she leverages her background in mathematics, computer science, and data science to analyze and parse security data, with a strong interest in machine learning.

Aaron Coffey

Forged at industry leaders like Google and Box, Aaron crafts elegant solutions to accelerate threat intelligence and disrupt cybercriminal operations. As a Senior Security Research Engineer at SpyCloud, he brings over a decade of expertise across IT, Incident Response, Security Automation, and Detection Engineering. Outside the world of threat research, Aaron swaps code for a camera, capturing landscapes instead of compromises.

Driven by SpyCloud Cybercrime Analytics

The purpose of SpyCloud Labs is to relentlessly analyze the active tactics weโ€™re seeing among cybercriminals and look ahead in the evolution of these practices. We use Cybercrime Analytics to illuminate exposures relating to employee and customer credentials, cookies, PII, and other stolen assets so you can protect your organization.

Billion
0 +
Recaptured
Assets
0 K+

Breaches

Billion
0 +
Assets Ingested Monthly
0 +

Malware
Families

Get the latest research

Sign up to receive regular updates from SpyCloud, including new cybercrime research, product updates, and security resources.
Follow us on x

About SpyCloud's Responsible Disclosure Program

SpyCloud Labs coordinates SpyCloud’s Responsible Disclosure (RD) program. We regularly and proactively engage with victimized organizations to make sure they have access to the data that was allegedly stolen from them, giving them an opportunity to remediate potential user or employee exposures due to the release of the information.
SpyCloud’s automated identity threat protection solutions leverage advanced analytics to prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations.
SpyCloud, Inc.

2130 S Congress Ave
Austin, Texas 78704
Call:ย 1-800-513-2502

SOLUTIONS
COMPANY
USE CASES
  • By function
  • By industry
RESOURCES
  • Know more
  • See more
PARTNERS

ยฉ2024 SpyCloud, Inc. All Rights Reserved

Cookie Preferences

The SpyCloud 2025 Annual Identity Exposure Report is in orbit. ๐Ÿš€ Read the full report here >>

Got it!
X