Close this search box.

SpyCloud Doubles Down on Industry-leading Cybercrime Research with Launch of SpyCloud Labs


Seasoned team of security researchers to focus on digital underground collections, reverse-engineering malware, and identifying threat actor patterns to power cybercrime prevention

Austin, TX – January 31, 2024 – SpyCloud, the leader in Cybercrime Analytics, today announced the launch of SpyCloud Labs, a targeted cybercrime research effort focused on uncovering and analyzing the digital underground to proactively disrupt cybercrime.

With the launch of SpyCloud Labs, the larger security community will have a window into the insights SpyCloud analysts gather about the intricacies of the underground criminal ecosystem – including findings gained from reverse-engineering emerging malware families that infect business systems and open the doors to follow-on attacks like ransomware. In addition to driving the analysis and data behind SpyCloud’s industry-leading products, SpyCloud Labs’ cybercrime analysts and researchers will produce and publish innovative research on the SpyCloud website and share findings in webinars, industry events, and conferences.

SpyCloud’s unique process for recapturing breaches and malware-exfiltrated data means that SpyCloud Labs is able to analyze threat actor behavior and surface little-known and newly emerging patterns in threat activity based on real data – as it’s happening.

In the last 7+ years, SpyCloud has recaptured more than 500+ billion stolen assets from the criminal underground, including traditionally-targeted information like email/username and password credential sets, authenticated session tokens, as well as assets gaining traction, like password vault credentials, credit card information, API keys, and cryptocurrency addresses. In 2024, the team expects to surpass a trillion total recaptured stolen assets.

“The scale of criminal activity we’re seeing today is mind-boggling and growing at an alarming rate. The purpose of SpyCloud Labs is to relentlessly analyze the active tactics we’re seeing among cybercriminals and look ahead in the evolution of these practices. The work being done within SpyCloud Labs is a real game-changer within the security industry and provides enterprises with the tools they need to protect themselves today.

Damon Fleury, Chief Product Officer at SpyCloud
The team of analysts and researchers who make up SpyCloud Labs is led by top cyber industry expert, Trevor Hilligoss, who spent a decade tracking both cybercriminal and nation-state actors for the Department of Defense and FBI prior to joining SpyCloud to lead the Security Research team in 2022. As Vice President of SpyCloud Labs, Hilligoss is committed to identifying and sharing actionable insights from Labs’ research efforts, sharing cutting-edge research with the broader InfoSec community and customers of SpyCloud’s solutions alike. The diverse SpyCloud Labs team is composed of well-respected industry researchers and analysts with deep knowledge, specializing in reverse-engineering, malware threats, and global threat actor communities.

“The team we’ve put together here at SpyCloud Labs is wildly talented and deeply invested in connecting the dots about what the adversary is doing. As threat actors pivot and change, we’re keeping a close eye and uncovering new, valuable information every single day that can inform attack prevention strategies.

Trevor Hilligoss, Vice President of SpyCloud Labs

The launch of SpyCloud Labs comes as threat actors increasingly leverage infostealer malware like LummaC2 and Atomic Stealer to improve their tactics and drastically broaden attack success. In the near-term, SpyCloud Labs is positioned to heavily focus on the rise of malware threats, but remains agile to pivot and expand its focus in tandem with evolving cybercriminal behavior.

The latest research from SpyCloud Labs is available at

Interested in staying up to date on the latest threats, trends, and tactics? Follow us on X @SpyCloudLabs.

About SpyCloud

SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Its products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, safeguard employee and consumer identities, and investigate cybercrime incidents. Its unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies around the world. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to make the internet safer with automated solutions that help organizations combat cybercrime.

To learn more and see insights on your company’s exposed data, visit

For additional information: Sage Communications,
Product or service names mentioned herein may be the trademarks of their respective owners.

Recent Posts

Check Your Company's Exposure

See your real-time exposure details powered by SpyCloud.

[What’s New] Check Your Exposure has been expanded with more recaptured data. See Your Results Now

Close this search box.