Tag: Attackers

ShadowSyndicate is an opportunistic, financially-motivated threat actor, active since July 2022, who was linked with various ransomware strains such as Quantum.

Magnet Goblin is a financially motivated threat actor who quickly leverages 1-day vulnerabilities, often in edge devices, after their disclosure.

The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads.

Black Basta employs a double extortion scheme that involves exfiltrating confidential data before encryption to threaten victims with public release.

Bitfrost collects the victim's hostname, IP address, and process IDs, then uses RC4 encryption to secure it before transmission to the C2.

BIFROSE malware are backdoors that often arrive on systems either downloaded by users when visiting malicious sites or downloaded by other malware/spyware.

Winter Vivern is a cyberespionage group to have been active since at least 2020 and it targets governments in Europe and Central Asia.

Volt Typhoon has been active since at least 2021 and primarily targets U.S government and defense organizations for intelligence-gathering purposes.

The 8220 Gang is an active threat group known for scanning and exploiting vulnerabilities in cloud and container environments.

DarkCasino was discovered in 2021 and has launched attacks against banks, cryptocurrency platforms, gambling sites and casinos, and stock trading platforms.