What is a threat actor?
A threat actor is a person, group, or organization that carries out cyber activity. In Hanasand, the term usually means a ransomware group, leak-site operator, broker, or criminal crew claiming access to data.
Loading
Give Hanasand the names and domains to watch. We return a clear alert with what happened, why it matters, severity, and the next step.
Product
Coverage
Alert
Delivery
Setup
Alert flow
A threat actor is a criminal group or seller. A source is where the mention appeared. A webhook is just an automatic delivery to your existing tools.
Add company names, domains, subsidiaries, vendors, brands, executives, or portfolio companies.
Hanasand checks leak and extortion sites, Telegram groups, advisories, and dark web forums.
The alert explains the mention, source, severity, confidence, and the next review step.
Send the alert through an email, webhook, Slack/Jira/SIEM flow, cases, or to the analyst console.
Watches companies and suppliers
Enter the companies, domains, vendors, brands, or executives you care about. Hanasand watches for new mentions and notifies you.
Explains what happened
Each result says who posted the claim, which company was named, what data was mentioned, how confident the match is, and what to do next.
Operator paths
How monitoring works
Each alert is built for the first triage decision: who posted it, which company was named, what data was mentioned, when it appeared, and what to do next.
FAQ
A threat actor is a person, group, or organization that carries out cyber activity. In Hanasand, the term usually means a ransomware group, leak-site operator, broker, or criminal crew claiming access to data.
Hanasand monitors company, vendor, domain, brand, and executive mentions across exposure sources such as leak sites, extortion posts, public threat intelligence, advisories, and analyst-reviewed records.
An exposure alert is created when a monitored company, supplier, domain, or related term appears in a source that may indicate leaked data, ransomware activity, credential exposure, or a security-relevant claim.
No. An alert means a source made a relevant claim or mention. Hanasand shows the source, context, data mentioned, confidence, and next review step so an analyst can verify the claim before escalation.
The live activity feed refreshes automatically. Some sources update within minutes, while others depend on source availability, verification, and collection timing.
Inspect group activity, sources, artifacts, watchlist fit, and handoff actions.
Route notifications
Send reviewed alerts to configured webhooks, cases, and the analyst console.
OpenYes. Watchlists can include suppliers, portfolio companies, subsidiaries, domains, brands, and executive names so third-party exposure is visible before it becomes a customer issue.
Solutions
Ransomware and exposure notifications for watched companies and vendors.
Short-lived isolated Regular and Tor browser workspaces with capture, profiles, and source tracking.
Security review, DPA, subprocessors, SLA notes, and current certification boundaries.
Package exposure findings into customer-ready review links and follow-up steps.