An apparatus, including systems and methods, for classifying, mapping, and predicting cybercriminal activity is disclosed herein. For example, in some embodiments, an apparatus is configured to: receive cybercriminal communication (CCC) data of postings from a source forum; identify, classify, and rank a threat topic for each posting; identify a first subset of postings that includes postings assigned the threat topic classification with the greatest threat topic rank; for each posting of the first subset of postings: identify and rank the threat actor; identify a second subset of postings that includes postings associated with the threat actor assigned the greatest threat actor rank; and send, to a cybersecurity data exchange module, the CCC data of the second subset of postings and associated enriched data including the source forum, the threat topic classifications, the threat actor, the threat actor rank, or the other threat actors that mentioned the threat actor.