ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers

Security researchers have identified infrastructure belonging to a threat actor known as ShadowSyndicate, which is believed to have used seven different ransomware families in attacks over the past year.

Group-IB analysts, working with Bridewell and independent researcher Michael Koczwara, attribute the use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play ransomware to ShadowSyndicate with varying degrees of confidence.

According to the researchers' conclusions, the threat actor may be an initial access broker (IAB), although the data indicates that ShadowSyndicate is connected to a number of ransomware operations.

Based on a unique SSH fingerprint they found on 85 servers, the majority of which were identified as Cobalt Strike command and control machines ...
