CMD Organization surfaced on trackers in mid-May 2026 and has since claimed 14 victims, with 12 of those claims filed in the past 30 days alone, indicating a sharp acceleration in operational tempo. The group shows no obvious vertical specialization, having claimed targets across healthcare, education, agriculture, consumer services, and business services, though U.S. organizations account for more than half of all named victims, with the UK and India also appearing in multiple recent claims. The pace and breadth of targeting, spanning a Texas school district, an Indian medical device firm, a British refrigeration company, and an Australian RV retailer within a single week, suggests either a broad affiliate network or opportunistic scanning rather than deliberate sector strategy. No formal TTP catalogue has been published for this group yet, and no description is on file, so behavioral details beyond the claimed victim postings remain unconfirmed. CMD Organization should be treated as an active, volume-focused extortion actor whose full capabilities and tooling are not yet characterized by open-source reporting.