M3rx has posted 12 claimed victims in the last 30 days, out of 15 total since first appearing on trackers in May 2026, signaling a sharp acceleration in activity over a very short operational window. The June 11 batch alone listed at least seven organizations spanning Canada, Norway, Germany, Mexico, Japan, and the US, with Business Services the most frequently targeted sector, followed by Technology and Manufacturing. The group is described as using AES-CTR and AES-GCM encryption schemes, and its rapid multi-country spread across small-to-mid-sized firms suggests opportunistic targeting rather than a tightly scoped campaign. No detailed MITRE-mapped TTPs have been publicly catalogued for this group yet, though the breadth of claimed victims across disparate geographies and sectors is consistent with groups that rely on exposed remote services or purchased initial access to cast a wide net.