What happens when criminal enterprises turn on each other? A public squabble between two ransomware groups has turned that hypothetical into a very real risk, with one gang threatening to expose people tied to the other.
What unfolded
Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit, according to reporting on the dispute. The confrontation is public and personal: 0APT's threat focuses on revealing individuals said to be connected to Krybit rather than limiting the conflict to technical attacks or extortion demands.
Context and background
The episode fits a broader pattern in which criminal networks do not operate as unified, cooperative entities but as competitive, sometimes fractious groups. In this instance, the dispute crossed from competition into explicit threats of exposure, elevating the stakes beyond simple theft or ransom negotiations. The reporting identifies the two parties by name—0APT and Krybit—and frames the incident as a direct clash between them.
Why this matters
- Operational risk: Public threats to reveal affiliates may force one or both groups to change tactics, expose transaction trails, or hurriedly relocate infrastructure, any of which can create unpredictable operational behavior that increases collateral harm.
- Collateral damage: When criminal actors threaten to unmask people linked to rival groups, those individuals — whether actual participants or peripheral associates — could face consequences ranging from reputational damage to targeted retaliation.
- Threat landscape volatility: In-fighting can accelerate escalation or induce splintering, producing new actors or copycat behavior. That volatility complicates defenders' ability to prioritize mitigation or attribute attacks accurately.
- Visibility for defenders and policymakers: A public spat draws attention to the actors involved and may offer intelligence opportunities, but it also risks sensationalizing criminal activity in ways that obscure victims and technical details.
Perspectives to consider
- Technologists: Security teams may see short windows of opportunity to analyze communications or infrastructure changes precipitated by the dispute, but they should also prepare for erratic behavior that can complicate detection and response.
- Policymakers: The conflict highlights how criminal dynamics can shift rapidly; policy responses that assume static adversaries may be outpaced by intra-group competition.
- Users and organizations: Even when criminal groups target one another, the fallout can increase exposure for bystanders. Organizations should maintain basic defenses and incident readiness because the effects of such disputes are not confined to the gangs themselves.
- Adversaries: Rival criminal actors may exploit the moment to recruit disaffected members or to initiate secondary operations that capitalize on the distraction.
The confrontation between 0APT and Krybit, framed by a threat to expose people affiliated with one side, is a reminder that the criminal cyber ecosystem is neither monolithic nor predictable. When thieves turn on each other, who ultimately pays the price?
https://go.theregister.com/feed/www.theregister.com/2026/04/14/0apt_krybit_spat/



